[ 
https://issues.apache.org/jira/browse/TC-171?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15886461#comment-15886461
 ] 

ASF GitHub Bot commented on TC-171:
-----------------------------------

GitHub user jrushford opened a pull request:

    https://github.com/apache/incubator-trafficcontrol/pull/317

    TC-171: ort script should chown ats configuration files.

    See Jira TC-171.  Ort script should chown ats config files to the effective ats process owner.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/jrushford/incubator-trafficcontrol tc-171

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-trafficcontrol/pull/317.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #317
    
----
commit eec04fb2a954381d3f87fee65e7ccf136dfea6a5
Author: John Rushford <[email protected]>
Date:   2017-02-27T20:08:21Z

    TC-171: ort script should chown ats configuration files.

----


> ort script should chown ats configuration files.
> ------------------------------------------------
>
>                 Key: TC-171
>                 URL: https://issues.apache.org/jira/browse/TC-171
>             Project: Traffic Control
>          Issue Type: Bug
>          Components: Traffic Ops ORT
>    Affects Versions: 1.8.0
>            Reporter: John Rushford
>   Original Estimate: 1m
>  Remaining Estimate: 1m
>
> In the current version of the ort script, trafficserver config file ownership 
> is not changed to the ats user id.  With CentOS 7.2 this presents a problem 
> if a config file is owned by root.  ATS uses the link(2) system call to make 
> backup copies of config files.  In CentOS 7.2, if an ats config file is owned 
> by root, ats will fail in creating backup config files and loading new config 
> files if they are not owned by the traffic server effective user, due to 
> security tightening under CentOS 7.2.  The previous CentOS 6.2 behavior 
> with the symlink and hardlink system calls may be restored by setting 
> these sysctl settings to the value shown:
> CentOS sysctl settings
> fs.protected_hardlinks = 0
> fs.protected_symlinks = 0
> In any event, the ort script should explicitly chown the ownership of config 
> files to the effective user of trafficserver.  I'll submit a PR to correct 
> this.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
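
The ownership rule described in the issue, as an added example that is not part of the original message or the ORT script: a Python model of the check Linux applies to the source of link(2) when fs.protected_hardlinks = 1. It assumes the caller has no CAP_FOWNER and that no ACLs are set; the uid/gid 176 and the file names are constructed sample values.

```python
import stat

def has_read_write(mode, uid, gid, caller_uid, caller_gids):
    """Owner/group/other check for read AND write access (ACLs ignored)."""
    if caller_uid == uid:
        bits = mode >> 6
    elif gid in caller_gids:
        bits = mode >> 3
    else:
        bits = mode
    return bits & 0o6 == 0o6

def link_allowed(mode, uid, gid, caller_uid, caller_gids, protected_hardlinks=1):
    """Would link(2) on this file succeed for an unprivileged caller?"""
    if protected_hardlinks == 0:
        return True                      # restriction disabled, as in the sysctl above
    if caller_uid == uid:
        return True                      # caller owns the file: always allowed
    if not stat.S_ISREG(mode):
        return False                     # special files are never a safe source
    if mode & stat.S_ISUID:
        return False                     # setuid files are refused
    if (mode & stat.S_ISGID) and (mode & stat.S_IXGRP):
        return False                     # executable setgid files are refused
    return has_read_write(mode, uid, gid, caller_uid, caller_gids)

# Constructed sample: (name, mode, owner uid, owner gid); 176 stands in for the ats user.
ATS_UID, ATS_GIDS = 176, {176}
SAMPLE = [
    ("records.config", stat.S_IFREG | 0o644, 0, 0),      # root-owned, read-only to ats
    ("remap.config", stat.S_IFREG | 0o644, 176, 176),    # already owned by ats
    ("plugin.config", stat.S_IFREG | 0o664, 0, 176),     # root-owned, group-writable by ats
    ("helper", stat.S_IFREG | stat.S_ISUID | 0o777, 0, 0),  # setuid, not owned by ats
]

def needs_chown(entries, caller_uid, caller_gids, protected_hardlinks=1):
    """Names of files the caller could not hard-link, i.e. candidates for chown."""
    return [name for name, mode, uid, gid in entries
            if not link_allowed(mode, uid, gid, caller_uid, caller_gids,
                                protected_hardlinks)]

if __name__ == "__main__":
    print("link(2) refused for:", needs_chown(SAMPLE, ATS_UID, ATS_GIDS))
```

Chowning a file to the ats user makes the owner branch succeed regardless of mode bits, which is why an explicit chown resolves the failure without relaxing the sysctl.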
