[ClusterLabs] Antw: Re: Question on permissions for pcsd ghost files

Tomas Jelinek tojeline at redhat.com
Tue Apr 23 07:54:50 EDT 2019


On 23. 04. 19 at 13:26, Ulrich Windl wrote:
>>>> Tomas Jelinek <tojeline at redhat.com> wrote on 23.04.2019 at 12:36 in
> message
> <f68313c6-9c5a-4835-44e8-274d71ab56ac at redhat.com>:
>> The files are listed as ghost files in order to let rpm know they belong
>> to pcs but are not distributed in rpm packages. Those files are created
>> by pcsd in runtime. I guess the 000 permissions come from the fact those
>> files are not present in rpm packages.
> 
> My guess is it's just bad packing: I have an RPM myself that introduces a %ghost,
> and it has permissions:
> %ghost %config(missingok) %verify(not md5 mtime size) %attr(0644,root,root) /etc/%{name}.conf

We'll fix that in the next pcs build, then.

Thanks!
Tomas

> 
> Regards,
> Ulrich
> 
>>
>> The real permissions you have look OK to me as long as /var/lib/pcsd has
>> 700. Files pcsd.cookiesecret, pcsd.crt and pcsd.key should not be
>> executable but it does not matter that much. We fixed it in pcs-0.9.165.
>> The fix doesn't change permissions of existing files, though.
>>
>>
>> Regards,
>> Tomas
>>
>>
>> On 19. 04. 19 at 21:20, Hayden,Robert wrote:
>>> Working through an audit and need to determine what the expected
>>> permissions are for the following files.
>>>
>>> [root@techval13]# rpm -V pcs
>>>
>>> .M.......  c /var/lib/pcsd/pcs_settings.conf
>>>
>>> .M.......  c /var/lib/pcsd/pcs_users.conf
>>>
>>> .M.......  c /var/lib/pcsd/pcsd.cookiesecret
>>>
>>> .M.......  c /var/lib/pcsd/pcsd.crt
>>>
>>> .M.......  c /var/lib/pcsd/pcsd.key
>>>
>>> .M.......  c /var/lib/pcsd/tokens
>>>
>>> Looking at the RPM spec, these appear to be ghost files with permissions
>>> set to 000 in the spec.
>>>
>>> [root@techval13]# rpm -q --dump pcs | grep /var/lib/pcsd/pcs_settings.conf
>>>
>>> /var/lib/pcsd/pcs_settings.conf 0 1541089158 0000000000000000000000000000000000000000000000000000000000000000 0100000 root root 1 0 0 X
>>>
>>> Currently, the permissions after a normal installation are listed in the
>>> “first” column from my custom report output.  The second column is the
>>> “expected” permissions from the RPM spec.
>>>
>>>     644 | 000 | /var/lib/pcsd/pcs_settings.conf | pcs-0.9.165-6.0.1.el7.x86_64
>>>
>>>     644 | 000 | /var/lib/pcsd/pcs_users.conf | pcs-0.9.165-6.0.1.el7.x86_64
>>>
>>>     700 | 000 | /var/lib/pcsd/pcsd.cookiesecret | pcs-0.9.165-6.0.1.el7.x86_64
>>>
>>>     700 | 000 | /var/lib/pcsd/pcsd.crt | pcs-0.9.165-6.0.1.el7.x86_64
>>>
>>>     700 | 000 | /var/lib/pcsd/pcsd.key | pcs-0.9.165-6.0.1.el7.x86_64
>>>
>>>     600 | 000 | /var/lib/pcsd/tokens | pcs-0.9.165-6.0.1.el7.x86_64
>>>
>>> Any help or guidance would be greatly appreciated.
>>>
>>>
>>> Thanks
>>>
>>> Robert
>>>
>>>
>>> _______________________________________________
>>> Manage your subscription:
>>> https://lists.clusterlabs.org/mailman/listinfo/users
>>>
>>> ClusterLabs home: https://www.clusterlabs.org/
>>>
> 
> 
> 
> 
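
Added example, not part of the original thread and not pcs project code: a POSIX shell helper that separates the two findings discussed above, %ghost entries whose packaged mode has no permission bits (so the "M" flag from `rpm -V` is expected) and on-disk files that carry an execute bit. The sample input is constructed from the values quoted in the thread; `audit_pcsd`, `sample_run` and `/placeholder/regular-file` are hypothetical names.

```sh
#!/bin/sh
# Added example (not pcs project code).
# audit_pcsd DUMP MODES   (hypothetical helper name)
#   DUMP  : saved output of `rpm -q --dump pcs`
#   MODES : saved output of `stat -c '%a %n' /var/lib/pcsd/*`
# Findings, one per line:
#   SPEC_MODE_000 <path>  packaged mode has no permission bits, so the "M"
#                         flag from `rpm -V` reflects packaging, not drift
#   EXEC_BIT <path>       on-disk file carries an execute bit
audit_pcsd() {
  awk '
    NR == FNR {               # first file: rpm dump, field 5 is the octal mode
      if (substr($5, length($5) - 3) == "0000") print "SPEC_MODE_000", $1
      next
    }
    {                         # second file: "<octal perms> <path>"
      n = length($1)
      for (i = n - 2; i <= n; i++)
        if (i > 0 && substr($1, i, 1) % 2 == 1) { print "EXEC_BIT", $2; break }
    }
  ' "$1" "$2"
}

# Constructed sample input based on the values quoted in the thread.
sample_run() {
  d=$(mktemp -d) || return 1
  z=0000000000000000000000000000000000000000000000000000000000000000
  cat > "$d/dump" <<EOF
/var/lib/pcsd/pcs_settings.conf 0 1541089158 $z 0100000 root root 1 0 0 X
/var/lib/pcsd/pcsd.key 0 1541089158 $z 0100000 root root 1 0 0 X
/placeholder/regular-file 10 1541089158 $z 0100644 root root 0 0 0 X
EOF
  cat > "$d/modes" <<EOF
644 /var/lib/pcsd/pcs_settings.conf
700 /var/lib/pcsd/pcsd.key
600 /var/lib/pcsd/tokens
EOF
  audit_pcsd "$d/dump" "$d/modes"
  rm -rf "$d"
}

sample_run
```

On a real node, save the two command outputs named in the header comment to files and pass them to `audit_pcsd`.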

