John Rushford created TC-171:
--------------------------------
Summary: ort script should chown ats configuration files.
Key: TC-171
URL: https://issues.apache.org/jira/browse/TC-171
Project: Traffic Control
Issue Type: Bug
Components: Traffic Ops ORT
Affects Versions: 1.8.0
Reporter: John Rushford
In the current version of the ort script, trafficserver config file ownership
is not changed to the ats user id. With Centos 7.2 this presents a problem if
a config file is owned by root. ATS uses the link(2) system call to make
backup copies of config files. In Centos 7.2, if an ats config file is owned
by root, ats will fail in creating backup config files and loading new config
files if the are not owned by the traffic server effective user due to security
tightening under Centos 7.2. The previous Centos 6.2 behavior may be with the
symlinks and hardlink system calls may be restored by setting these sysctl
settings to the value shown:
CentOS sysctl settings
fs.protected_hardlinks = 0
fs.protected_symlinks = 0
In any event, the ort script should explicitly chown the ownership of config
files to the effective user of trafficserver. I'll submit a PR to correct this.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
