Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 368831 - anon* service creating files with faulty permissions
Summary: anon* service creating files with faulty permissions
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Git (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Infrastructure
URL:
Whiteboard:
Keywords:
: 369659 (view as bug list)
Depends on:
Blocks:
 
Reported: 2011-05-27 00:49 UTC by Mike Gilbert
Modified: 2011-06-07 19:17 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Gilbert gentoo-dev 2011-05-27 00:49:40 UTC 
I'm getting a strange error when I try to checkout or update gentoo-x86/www-client/chromium.

darkside said to file a bug.

floppym@naomi src % cvs -d :pserver:anonymous@anoncvs.gentoo.org/var/cvsroot co gentoo-x86/www-client/chromium
U gentoo-x86/www-client/chromium/ChangeLog
U gentoo-x86/www-client/chromium/Manifest
U gentoo-x86/www-client/chromium/chromium-11.0.696.68.ebuild
cvs checkout: nothing known about `gentoo-x86/www-client/chromium/chromium-11.0.696.71.ebuild'
U gentoo-x86/www-client/chromium/chromium-12.0.742.60.ebuild
cvs checkout: nothing known about `gentoo-x86/www-client/chromium/chromium-12.0.742.68.ebuild'
U gentoo-x86/www-client/chromium/chromium-13.0.767.1.ebuild
cvs checkout: nothing known about `gentoo-x86/www-client/chromium/chromium-13.0.772.0-r1.ebuild'
U gentoo-x86/www-client/chromium/chromium-9999-r1.ebuild
U gentoo-x86/www-client/chromium/metadata.xml
U gentoo-x86/www-client/chromium/files/chromium-browser.xml
U gentoo-x86/www-client/chromium/files/chromium-cups-r0.patch
U gentoo-x86/www-client/chromium/files/chromium-ffmpeg-build-r0.patch
U gentoo-x86/www-client/chromium/files/chromium-launcher-r1.sh
cvs checkout: nothing known about `gentoo-x86/www-client/chromium/files/chromium-launcher-r2.sh'
U gentoo-x86/www-client/chromium/files/chromium-system-vpx-r3.patch
U gentoo-x86/www-client/chromium/files/chromium-system-vpx-r4.patch
U gentoo-x86/www-client/chromium/files/chromium-system-zlib-r0.patch
cvs checkout: nothing known about `gentoo-x86/www-client/chromium/files/chromium.default'
U gentoo-x86/www-client/chromium/files/chromium.xml
U gentoo-x86/www-client/chromium/files/dot-gclient
floppym@naomi src % cd gentoo-x86/www-client/chromium 
floppym@naomi chromium % ls
ChangeLog                    chromium-13.0.767.1.ebuild  files
chromium-11.0.696.68.ebuild  chromium-9999-r1.ebuild     Manifest
chromium-12.0.742.60.ebuild  CVS                         metadata.xml
floppym@naomi chromium % cvs up
cvs update: nothing known about `chromium-11.0.696.71.ebuild'
cvs update: nothing known about `chromium-12.0.742.68.ebuild'
cvs update: nothing known about `chromium-13.0.772.0-r1.ebuild'
cvs update: nothing known about `files/chromium-launcher-r2.sh'
cvs update: nothing known about `files/chromium.default'
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2011-05-31 20:29:43 UTC 
darkside:
I think something in your rsync changes has locked down permissions on the anon files too much.

pheasant chromium # pwd
/var/cvsroot/gentoo-x86/www-client/chromium

pheasant chromium # ls -la
total 739
drwxr-sr-x  4 gcvsd-rsync gcvsd    528 May 29 15:08 .
drwxr-sr-x 65 gcvsd-rsync gcvsd   1768 May  3 19:36 ..
drwxr-sr-x  2 gcvsd-rsync gcvsd   8680 May 26 11:09 Attic
-r--r--r--  1 gcvsd-rsync gcvsd 231986 May 29 15:08 ChangeLog,v
-r--r--r--  1 gcvsd-rsync gcvsd  11599 May 13 22:09 chromium-11.0.696.68.ebuild,v
-r--------  1 gcvsd-rsync gcvsd  11593 May 27 10:00 chromium-11.0.696.71.ebuild,v
-r--r--r--  1 gcvsd-rsync gcvsd  12225 May 25 04:46 chromium-12.0.742.60.ebuild,v
-r--------  1 gcvsd-rsync gcvsd  11852 May 26 08:57 chromium-12.0.742.68.ebuild,v
-r--r--r--  1 gcvsd-rsync gcvsd  12122 May 25 04:46 chromium-13.0.767.1.ebuild,v
-r--------  1 gcvsd-rsync gcvsd  13860 May 29 15:08 chromium-13.0.772.0-r1.ebuild,v
-r--r--r--  1 gcvsd-rsync gcvsd  33127 May 29 15:08 chromium-9999-r1.ebuild,v
drwxr-sr-x  3 gcvsd-rsync gcvsd    544 May 26 11:09 files
-r--r--r--  1 gcvsd-rsync gcvsd 385123 May 29 15:08 Manifest,v
-r--r--r--  1 gcvsd-rsync gcvsd   5018 May  3 10:21 metadata.xml,v

Changing them to world readable fixes the issue, but new files created in CVS still get it wrong.
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2011-05-31 20:35:00 UTC 
Problem started on either May 19 or May 20th.
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2011-05-31 20:43:42 UTC 
The problem is rsync on the anoncvs node.
rsync-3.0.7 - works
rsync-3.0.8 - does not work.

works: file is created 444
broken: file is created 400
Comment 4 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2011-06-01 14:28:10 UTC 
*** Bug 369659 has been marked as a duplicate of this bug. ***
Comment 5 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2011-06-01 14:39:14 UTC 
(In reply to comment #3)
> The problem is rsync on the anoncvs node.
> rsync-3.0.7 - works
> rsync-3.0.8 - does not work.
> 
> works: file is created 444
> broken: file is created 400

Timeline:
-Robin debugs the issue down to a problem with rsync version.
-Robin downgrades rsync & manually fixes files
-cfengine upgrades rsync again
-Sebastian files bug 369659
-I look into the issue again, thinking about downgrading rsync again and add a rule to cfengine to not upgrade it for now
-I remove files with faulty permissions & re-run rsync script to pull files
-I cannot find files with faulty permissions anymore (with rsync 3.0.8)

I will check again in a few hours to see what is happening. I can't explain it yet.
Comment 6 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2011-06-01 16:38:46 UTC 
(In reply to comment #5)

> I will check again in a few hours to see what is happening. I can't explain it
> yet.

Ignore my previous rambling. The anon* service's cron umask is 0077 which explains this all. Not rsync version related.
Comment 7 Sebastian Pipping gentoo-dev 2011-06-07 18:02:06 UTC 
Seems like a new case just came up:

cvs update: cannot open directory /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/distpatch: Permission denied
Comment 8 Christian Ruppert (idl0r) gentoo-dev 2011-06-07 18:10:57 UTC 
(In reply to comment #7)
> Seems like a new case just came up:
> 
> cvs update: cannot open directory
> /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/distpatch: Permission
> denied

Works for me.
Comment 9 Mike Gilbert gentoo-dev 2011-06-07 18:15:56 UTC 
(In reply to comment #7)
> Seems like a new case just came up:
> 
> cvs update: cannot open directory
> /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/distpatch: Permission
> denied

I can reproduce:

floppym@naomi src % cvs -d :pserver:anonymous@anoncvs.gentoo.org/var/cvsroot co gentoo/xml/htdocs/proj/en/infrastructure/distpatch
cvs checkout: cannot open directory /var/cvsroot/gentoo/xml/htdocs/proj/en/infrastructure/distpatch: Permission denied
cvs checkout: skipping directory gentoo/xml/htdocs/proj/en/infrastructure/distpatch
Comment 10 Sebastian Pipping gentoo-dev 2011-06-07 18:19:25 UTC 
One more:

cvs update: cannot open directory /var/cvsroot/gentoo/xml/htdocs/proj/es/hardened/selinux: Permission denied
Comment 11 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2011-06-07 19:01:36 UTC 
Thanks guys, but no more comments are needed.
Comment 12 Christian Ruppert (idl0r) gentoo-dev 2011-06-07 19:17:11 UTC 
Should be fixed now, thanks!