Bug 36859

Summary: fix template permissions for etc/pykota/pykotadmin.conf in univention-printquota
Product: UCS Reporter: Felix Botner <botner>
Component: Printserver - pykotaAssignee: Felix Botner <botner>
Status: CLOSED FIXED QA Contact: Janek Walkenhorst <walkenhorst>
Severity: normal    
Priority: P5 CC: gohmann
Version: UCS 4.0   
Target Milestone: UCS 4.0-0-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:

Description Felix Botner univentionstaff 2014-11-19 10:29:44 CET 
UCS 3.2 slave with univention-printserver updated to 4.0. After the update the listener says:

19.11.14 09:57:06.707  LISTENER    ( ERROR   ) : import of filename=/usr/lib/univention-directory-listener/system/cups-printers.py failed
Traceback (most recent call last):
  File "/usr/lib/univention-directory-listener/system/cups-printers.py", line 43, in <module>
    ucr_handlers.load()
  File "/usr/lib/pymodules/python2.7/univention/config_registry/handler.py", line 523, in load
    self.update()
  File "/usr/lib/pymodules/python2.7/univention/config_registry/handler.py", line 687, in update
    handler = self.get_handler(section)
  File "/usr/lib/pymodules/python2.7/univention/config_registry/handler.py", line 537, in get_handler
    return handler(entry)
  File "/usr/lib/pymodules/python2.7/univention/config_registry/handler.py", line 594, in _get_handler_file
    handler.variables = grep_variables(open(from_path, 'r').read())
IOError: [Errno 13] Permission denied: '/etc/univention/templates/files/etc/pykota/pykotadmin.conf'

printers are no longer created/modified/removed on that slave.
(this happens only if the ucr hanlder cache is not readable for everyone 
/var/cache/univention-config/cache -> -rw-------, see Bug #36858)

Fix:

Remove the "chmod 0600 /etc/univention/templates/files/etc/pykota/pykotadmin.conf" from debian/univention-printquota.postinst, i dont see why the template should be readable for root only.

Workaround:

-> chmod 755 /etc/univention/templates/files/etc/pykota/pykotadmin.conf
( univention-directory-listener-ctrl resync cups-printers )
Comment 1 Felix Botner univentionstaff 2014-12-10 18:14:00 CET 
removed chmod 0600 /etc/uni... from postinst

added 
+User: pykota
+Group: pykota
+Mode: 640
for etc/pykota/pykotadmin.conf in univention-config-registry 

chmod 644 /etc/univention/templates/files/etc/pykota/pykotadmin.conf during this update

YAML: 2014-12-10-univention-printquota.yaml
Comment 2 Janek Walkenhorst univentionstaff 2015-01-16 18:31:26 CET 
Code review: OK
Tests: OK
Advisory: OK
Comment 3 Janek Walkenhorst univentionstaff 2015-01-22 11:52:53 CET 
<http://errata.univention.de/ucs/4.0/45.html>