Hello,
Follow attached the patch which fixes the BZ#508936.
At RHN Satellite/Spacewalk documentation, to be able to execute remote
commands, it must exists a file named "run" into
/etc/sysconfig/rhn/allowed-actions/scripts directory.
This patch fixes remote commands only be executed if the file "run"
exists into allowed-actions/scripts directory. All the other files will
be ignored.
To make it consistent, we also fixed KickstartFormatter.java, which now
appends into kickstart the 'run' instead 'all' into
/etc/sysconfig/rhn/allowed-actions directory when rendering the
kickstart file.
After patched, --report option works as expected (ignoring all the
other files created manually) and remote commands will be only executed
when a file "run" exists at allowed-action/scripts directory.
# rhn-actions-control --enable-all ; tree /etc/sysconfig/rhn/allowed-actions
|-- configfiles
| `-- all
`-- script
`-- run
2 directories, 2 files
# rhn-actions-control --report
deploy is enabled
diff is enabled
upload is enabled
mtime_upload is enabled
run is enabled
# rhn-actions-control --disable-all ; tree
/etc/sysconfig/rhn/allowed-actions/
/etc/sysconfig/rhn/allowed-actions/
|-- configfiles
`-- script
2 directories, 0 files
# rhn-actions-control --report
deploy is disabled
diff is disabled
upload is disabled
mtime_upload is disabled
run is disabled
** Even forcing the file, it will be ignored
# touch /etc/sysconfig/rhn/allowed-actions/script/all
# rhn-actions-control --report
deploy is disabled
diff is disabled
upload is disabled
mtime_upload is disabled
run is disabled
Cheers,
Marcelo Moreira de Mello
--
Marcelo Moreira de Mello
RHCA RHCSS RHCVA
Software Maintenance Engineer/SEG
gpg id: 2048R/FDB110E5
gpg fingerprint: 3BE7 EF71 4DD7 6812 D309 8F18 BD42 D095 FDB1 10E5
From: Marcelo Moreira de Mello <mme...@redhat.com>
Date: Thu, 2 Jun 2011 18:58:45 -0300
Subject: [PATCH] RHBZ#508936 - rhn-actions-control honor the
allowed-actions/scripts/run for remote commands
---
client/tools/rhncfg/actions/configfiles.py | 2 +-
.../rhn/manager/kickstart/KickstartFormatter.java | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/client/tools/rhncfg/actions/configfiles.py
b/client/tools/rhncfg/actions/configfiles.py
index 76671ab..73c460b 100755
--- a/client/tools/rhncfg/actions/configfiles.py
+++ b/client/tools/rhncfg/actions/configfiles.py
@@ -51,7 +51,7 @@ def _local_permission_check(action_type):
for i in range(len(atype_structure)):
all_structure = atype_structure[:i]
- all_structure.append('all')
+ all_structure.append('run')
potential_all_path = apply(os.path.join, all_structure)
if os.path.exists(os.path.join(_permission_root_dir,
potential_all_path)):
diff --git
a/java/code/src/com/redhat/rhn/manager/kickstart/KickstartFormatter.java
b/java/code/src/com/redhat/rhn/manager/kickstart/KickstartFormatter.java
index 0aa0f75..a4c761a 100644
--- a/java/code/src/com/redhat/rhn/manager/kickstart/KickstartFormatter.java
+++ b/java/code/src/com/redhat/rhn/manager/kickstart/KickstartFormatter.java
@@ -120,7 +120,7 @@ public class KickstartFormatter {
private static final String WGET_RPMS = "wget -P /tmp/rhn_rpms ";
private static final String REMOTE_CMD =
"mkdir -p /etc/sysconfig/rhn/allowed-actions/script" + NEWLINE +
- "touch /etc/sysconfig/rhn/allowed-actions/script/all";
+ "touch /etc/sysconfig/rhn/allowed-actions/script/run";
private static final String CONFIG_CMD =
"mkdir -p /etc/sysconfig/rhn/allowed-actions/configfiles" + NEWLINE +
"touch /etc/sysconfig/rhn/allowed-actions/configfiles/all";
--
1.7.5.2
_______________________________________________
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
