On 24/02/11 20:30, Tom Georgoulias wrote: > I built a new cobbler server using cobbler-2.0.10-1.el5.noarch.rpm from > EPEL-Testing and noticed that the ACLs have to be redone every time that > cobblerd is restarted. Can anyone else confirm this? I observed this > behavior on 2.0.9 as well, but not on 1.6.6 (which was the release I was > using previously). [...] > As root, restart cobblerd: > > # service cobberd restart > > After the restart, > > $ cobbler > User cannot run command line, need read access to /var/lib/cobbler/web.ss > > As root, regrant the permissions: > # cobbler aclsetup --addgroup=GROUPNAME
Actually this is a bug which I have been meaning to do something about. The issue is with the permission on web.ss - ACLs are masked against the group permissions set on a file and when the file is created with 700 permissions, all ACLs become effectively --- I believe this is common to All cobbler 2+ versions. The reason is likely to be that 2.0+ use the web xmlrpc api for local cobbler commands, whereas on 1.6 the local API was used. web.ss should really be created 740 - its group is 'root' so this really doesn't expose anything. In fact if you hack cobblerd.py to use 740 rather than 700 in regen_ss_file, this is resolved. I'm surprised it hasn't come up more regularly. Stuart -- Stuart Sears RHCA etc. "It's today!" said Piglet. "My favourite day," said Pooh. _______________________________________________ cobbler mailing list [email protected] https://fedorahosted.org/mailman/listinfo/cobbler
