[ClusterLabs] Question on permissions for pcsd ghost files

Tomas Jelinek tojeline at redhat.com
Tue Apr 23 06:36:45 EDT 2019


The files are listed as ghost files in order to let rpm know they belong 
to pcs but are not distributed in rpm packages. Those files are created 
by pcsd at runtime. I guess the 000 permissions come from the fact those 
files are not present in rpm packages.

The real permissions you have look OK to me as long as /var/lib/pcsd has 
700. Files pcsd.cookiesecret, pcsd.crt and pcsd.key should not be 
executable but it does not matter that much. We fixed it in pcs-0.9.165. 
The fix doesn't change permissions of existing files, though.


Regards,
Tomas


On 19. 04. 19 at 21:20, Hayden,Robert wrote:
> Working through an audit and need to determine what the expected 
> permissions are for the following files.
> 
> [root at techval13]# rpm -V pcs
> 
> .M.......  c /var/lib/pcsd/pcs_settings.conf
> 
> .M.......  c /var/lib/pcsd/pcs_users.conf
> 
> .M.......  c /var/lib/pcsd/pcsd.cookiesecret
> 
> .M.......  c /var/lib/pcsd/pcsd.crt
> 
> .M.......  c /var/lib/pcsd/pcsd.key
> 
> .M.......  c /var/lib/pcsd/tokens
> 
> Looking at the RPM spec, these appear to be ghost files with permissions 
> set to 000 in the spec.
> 
> [root at techval13]# rpm -q --dump pcs | grep /var/lib/pcsd/pcs_settings.conf
> 
> /var/lib/pcsd/pcs_settings.conf 0 1541089158 0000000000000000000000000000000000000000000000000000000000000000 0100000 root root 1 0 0 X
> 
> Currently, the permissions after a normal installation are listed in the 
> “first” column from my custom report output.  The second column is the 
> “expected” permissions from the RPM spec.
> 
>    644 | 000 | /var/lib/pcsd/pcs_settings.conf | pcs-0.9.165-6.0.1.el7.x86_64
> 
>    644 | 000 | /var/lib/pcsd/pcs_users.conf | pcs-0.9.165-6.0.1.el7.x86_64
> 
>    700 | 000 | /var/lib/pcsd/pcsd.cookiesecret | pcs-0.9.165-6.0.1.el7.x86_64
> 
>    700 | 000 | /var/lib/pcsd/pcsd.crt | pcs-0.9.165-6.0.1.el7.x86_64
> 
>    700 | 000 | /var/lib/pcsd/pcsd.key | pcs-0.9.165-6.0.1.el7.x86_64
> 
>    600 | 000 | /var/lib/pcsd/tokens | pcs-0.9.165-6.0.1.el7.x86_64
> 
> Any help or guidance would be greatly appreciated.
> 
> 
> Thanks
> 
> Robert
> 
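
The check the reply describes (directory at 700, no execute bits on pcsd.cookiesecret, pcsd.crt and pcsd.key), written out as an added example that is not part of the original thread or of pcs. The function name and exit-code convention are assumptions made for illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not code from the thread or from pcs. The function name and
# the exit codes are assumptions for this illustration:
#   0 = clean, 1 = only execute-bit warnings, 2 = directory problem.
# Usage on a cluster node (as root): audit_pcsd_dir /var/lib/pcsd; echo "$?"
audit_pcsd_dir() {
    dir=${1:-/var/lib/pcsd}
    rc=0

    # The reply's condition: the file modes are OK as long as the directory is 700.
    mode=$(stat -c '%a' "$dir" 2>/dev/null) || { echo "FAIL $dir: cannot stat"; return 2; }
    if [ "$mode" != "700" ]; then
        echo "FAIL $dir: mode $mode, expected 700"
        rc=2
    fi

    # These three should not be executable. Per the reply, the fix in
    # pcs-0.9.165 does not change the permissions of files that already exist.
    for name in pcsd.cookiesecret pcsd.crt pcsd.key; do
        f="$dir/$name"
        [ -f "$f" ] || continue        # ghost file: absent until pcsd creates it
        mode=$(stat -c '%a' "$f")
        # A leading 0 makes the shell read the mode as octal; 0111 masks u+x, g+x, o+x.
        if [ $(( 0$mode & 0111 )) -ne 0 ]; then
            echo "WARN $f: mode $mode has execute bits (fix: chmod a-x)"
            [ "$rc" -eq 0 ] && rc=1
        fi
    done
    return "$rc"
}
```
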
