Univention Bugzilla – Bug 48814
/var/cache/univention-portal has wrong permissions
Last modified: 2019-08-19 14:04:38 CEST
A newly installed UCS-4.4 system has '/var/cache/univention-portal' with mode 0o755, but it should be 0o700. This is the only issue found when running the UMC system diagnostics module. An out-of-the-box-installation should not be "kaputt". Either tell the diagnostics module, that is is okay, or fix the permissions by applying a fix similar to <https://git.knut.univention.de/univention/ucs/commit/4051a4c6c2ebf432ca7aef68218786528b22f610> from Bug #47741.
Frequently generating support tickets. As already suggested, either remove the warning from UMC or simply correct the settings.
UCS technical training 2019-03-21/22 UCS technical training 2019-05-08/09 git:phahn/48814-diag-cache-permissions QA: univention-run-diagnostic-checks --username Administrator --bindpwdfile <(exec printf %s univention) -t 31_file_permissions < Datei '/var/cache/univention-portal' hat Datei-Modus 755, 700 war erwartet. > ran 31_file_permissions successfully
Requested by customer
(In reply to Philipp Hahn from comment #2) > git:phahn/48814-diag-cache-permissions https://git.knut.univention.de/univention/ucs/commit/f657d5a551ff0d7bfb674de4364ed4159cb7b1a0 Unless the generated files contain secret data, 0755 is okay for that directory and the diagnostic module should be fixed.
(In reply to Philipp Hahn from comment #4) > (In reply to Philipp Hahn from comment #2) > > git:phahn/48814-diag-cache-permissions > > https://git.knut.univention.de/univention/ucs/commit/ > f657d5a551ff0d7bfb674de4364ed4159cb7b1a0 > > Unless the generated files contain secret data, 0755 is okay for that > directory and the diagnostic module should be fixed. Probably, the cache essentially holds LDAP data that should be "world readable". But as there are some DNs involved and I did not want to start a lengthy discussion, I changed the permissions of /var/cache/univention-portal in the postinst. debian/rules can do this, too, and seems like the correct place, but I found it does not work for existing installations that already created this directory with an older version of the package. univention-portal 3.0.1-23A~4.4.0.201905171116
OK: file permission is now 700 (System diagnostic module does not show warning) OK: yaml (b79b351a06 Bug #48814: yaml) -> verified
<http://errata.software-univention.de/ucs/4.4/128.html>