Bug 36859 - fix template permissions for etc/pykota/pykotadmin.conf in univention-printquota
fix template permissions for etc/pykota/pykotadmin.conf in univention-printquota
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Printserver - pykota
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 4.0-0-errata
Assigned To: Felix Botner
Janek Walkenhorst
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-11-19 10:29 CET by Felix Botner
Modified: 2015-01-22 11:52 CET (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Botner univentionstaff 2014-11-19 10:29:44 CET
UCS 3.2 slave with univention-printserver updated to 4.0. After the update the listener says:

19.11.14 09:57:06.707  LISTENER    ( ERROR   ) : import of filename=/usr/lib/univention-directory-listener/system/cups-printers.py failed
Traceback (most recent call last):
  File "/usr/lib/univention-directory-listener/system/cups-printers.py", line 43, in <module>
    ucr_handlers.load()
  File "/usr/lib/pymodules/python2.7/univention/config_registry/handler.py", line 523, in load
    self.update()
  File "/usr/lib/pymodules/python2.7/univention/config_registry/handler.py", line 687, in update
    handler = self.get_handler(section)
  File "/usr/lib/pymodules/python2.7/univention/config_registry/handler.py", line 537, in get_handler
    return handler(entry)
  File "/usr/lib/pymodules/python2.7/univention/config_registry/handler.py", line 594, in _get_handler_file
    handler.variables = grep_variables(open(from_path, 'r').read())
IOError: [Errno 13] Permission denied: '/etc/univention/templates/files/etc/pykota/pykotadmin.conf'

printers are no longer created/modified/removed on that slave.
(this happens only if the ucr hanlder cache is not readable for everyone 
/var/cache/univention-config/cache -> -rw-------, see Bug #36858)

Fix:

Remove the "chmod 0600 /etc/univention/templates/files/etc/pykota/pykotadmin.conf" from debian/univention-printquota.postinst, i dont see why the template should be readable for root only.

Workaround:

-> chmod 755 /etc/univention/templates/files/etc/pykota/pykotadmin.conf
( univention-directory-listener-ctrl resync cups-printers )
Comment 1 Felix Botner univentionstaff 2014-12-10 18:14:00 CET
removed chmod 0600 /etc/uni... from postinst

added 
+User: pykota
+Group: pykota
+Mode: 640
for etc/pykota/pykotadmin.conf in univention-config-registry 

chmod 644 /etc/univention/templates/files/etc/pykota/pykotadmin.conf during this update

YAML: 2014-12-10-univention-printquota.yaml
Comment 2 Janek Walkenhorst univentionstaff 2015-01-16 18:31:26 CET
Code review: OK
Tests: OK
Advisory: OK
Comment 3 Janek Walkenhorst univentionstaff 2015-01-22 11:52:53 CET
<http://errata.univention.de/ucs/4.0/45.html>