[
https://issues.apache.org/jira/browse/TC-171?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15886442#comment-15886442
]
David Neuman commented on TC-171:
---------------------------------
Hey John, Is this the same issue as
https://issues.apache.org/jira/browse/TC-115?
> ort script should chown ats configuration files.
> ------------------------------------------------
>
> Key: TC-171
> URL: https://issues.apache.org/jira/browse/TC-171
> Project: Traffic Control
> Issue Type: Bug
> Components: Traffic Ops ORT
> Affects Versions: 1.8.0
> Reporter: John Rushford
> Original Estimate: 1m
> Remaining Estimate: 1m
>
> In the current version of the ort script, trafficserver config file ownership
> is not changed to the ats user id. With Centos 7.2 this presents a problem
> if a config file is owned by root. ATS uses the link(2) system call to make
> backup copies of config files. In Centos 7.2, if an ats config file is owned
> by root, ats will fail in creating backup config files and loading new config
> files if the are not owned by the traffic server effective user due to
> security tightening under Centos 7.2. The previous Centos 6.2 behavior may
> be with the symlinks and hardlink system calls may be restored by setting
> these sysctl settings to the value shown:
> CentOS sysctl settings
> fs.protected_hardlinks = 0
> fs.protected_symlinks = 0
> In any event, the ort script should explicitly chown the ownership of config
> files to the effective user of trafficserver. I'll submit a PR to correct
> this.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
