Is CHEF-686 back from the dead? (umask problem)


#1

Hi everyone,

I am seeing umask problems on a test chef install and, before
reopening CHEF-686, I wanted to try to understand if this comes
from my own mistake or if the umask setting code has been lost
since 0.7.16.

I have installed chef 0.9.12 from my own RPMs (which I built for
ruby 1.9.2, which I also package) on CentOS 5.5 x86_64. All the
files and directories created by chef-server and chef-server-webui
are world-writable. As per CHEF-686, I tried to change the umask
in merb-core (lib/merb-core/server.rb) and the problem goes away,
but this is not a real fix. I see that chef is setting its umask in
lib/chef/daemon.rb but I don’t see where this code is called. The
fix for CHEF-686 was applied at the time to chef-server/config/init.rb
and has since disappeared.

Since I am using my own ruby and chef install, I wanted to check
if anyone has the same problem before opening a ticket on JIRA.

Thanks.


Eric-Olivier Lamey


#2

On Mon, Feb 7, 2011 at 10:48 PM, Eric-Olivier Lamey eolamey@gmail.com wrote:

Hi everyone,

I am seeing umask problems on a test chef install and, before
reopening CHEF-686, I wanted to try to understand if this comes
from my own mistake or if the umask setting code has been lost
since 0.7.16.

Hi,

Has anyone seen the same problem as I have? Do you have any log
file, cache or generated certificate which are world writable permission?

If I add
File.umask Chef::Config[:umask]
at the end of “config/init.rb” for chef-server-api and chef-server-webui,
the problem is fixed.

Thank you.


#3

On Saturday, February 12, 2011 at 8:19 AM, Eric-Olivier Lamey wrote:
On Mon, Feb 7, 2011 at 10:48 PM, Eric-Olivier Lamey eolamey@gmail.com wrote:

Hi everyone,

I am seeing umask problems on a test chef install and, before
reopening CHEF-686, I wanted to try to understand if this comes
from my own mistake or if the umask setting code has been lost
since 0.7.16.

Hi,

Has anyone seen the same problem as I have? Do you have any log
file, cache or generated certificate which are world writable permission?

If I add
File.umask Chef::Config[:umask]
at the end of “config/init.rb” for chef-server-api and chef-server-webui,
the problem is fixed.

Thank you.
If you can reliably reproduce this behavior and you have a fix, please reopen the ticket and include this information.

Thanks,


Dan DeLeo


#4

On Sat, Feb 12, 2011 at 8:04 PM, Daniel DeLeo dan@kallistec.com wrote:

Has anyone seen the same problem as I have? Do you have any log
file, cache or generated certificate which are world writable permission??

If I add
File.umask Chef::Config[:umask]
at the end of “config/init.rb” for chef-server-api and chef-server-webui,
the problem is fixed.

Thank you.

If you can reliably reproduce this behavior and you have a fix, please
reopen the ticket and include this information.
Thanks,

Hi,

I can reproduce the problem but I just noticed my fix was not good
enough. Some files are still created with the wrong rights.

I’ll look into it and try to submit a patch.