SCIENTIFIC-LINUX-DEVEL Archives

April 2016

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: yum verify and runtime changes.
From:
Steven Haigh <[log in to unmask]>
Reply To:
Steven Haigh <[log in to unmask]>
Date:
Sun, 10 Apr 2016 13:04:38 +1000
Content-Type:
multipart/signed
Parts/Attachments:
text/plain (2642 bytes) , signature.asc (834 bytes) 
On 10/04/16 12:05, Steven Haigh wrote:
> On 04/04/16 23:48, Pat Riehecky wrote:
>> On 04/03/2016 03:21 AM, Steven Haigh wrote:
>>> Recently I've been using 'yum verify' to examine some storage issues
>>> with file system corruption (not an SL7 problem). I've been noticing
>>> that a lot of permissions at runtime get changed - which causes yum
>>> verify to point these out.
>>>
>>> Its my opinion that the permissions that are needed at runtime for
>>> various things should actually be packaged into the RPMs installed -
>>> therefore there should be no difference between install time and runtime
>>> permissions.
>>>
>>> For example:
>>> $ yum verify
>>> Loaded plugins: fastestmirror, verify
>>> ==================== Installed Packages ====================
>>> bind.x86_64 : The Berkeley Internet Name Domain (BIND) DNS (Domain Name
>>> System) server
>>>      File: /run/named
>>>          Problem:  mode does not match
>>>          Current:  user:wrx, group:wrx, other:---
>>>          Original: user:wrx, group:-rx, other:-rx
>>>
>>> bind-chroot.x86_64 : A chroot runtime environment for the ISC BIND DNS
>>> server, named(8)
>>>      File: /var/named/chroot/usr/lib64/bind
>>>          Problem:  group does not match
>>>          Current:  root
>>>          Original: named
>>>                                     --------
>>>          Problem:  mode does not match
>>>          Current:  user:wrx, group:-rx, other:-rx
>>>          Original: user:wrx, group:-rx, other:---
>>>
>>> filesystem.x86_64 : The basic directory layout for a Linux system
>>>      File: /mnt
>>>          Problem:  mode does not match
>>>          Current:  user:-rx, group:-rx, other:-rx
>>>          Original: user:wrx, group:-rx, other:-rx
>>> verify done
>>>
>>> If you fix these permissions back to the default, then they get changed
>>> again via the reboot / systemctl stop/start.
>>>
>>> My question is, shouldn't these be corrected upstream in the packages
>>> provided?
>>>
>>
>> Getting this corrected upstream makes sense to me.  Can I have you file
>> a few bugzillas and put me on the CC list?
> 
> Ok, I've finally gotten around to doing this - the excitement of an IPv6
> deployment across all my kit at home just had to be done first ;)
> 
> I've added you to the CC list on the two I've filed - I figure submit
> two as canaries to see what the feedback / result will be and go from
> there...

Sorry - for the reference of the list:
	https://bugzilla.redhat.com/1325620
	https://bugzilla.redhat.com/1325621


-- 
Steven Haigh

Email: [log in to unmask]
Web: https://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897

ATOM RSS1 RSS2