Details
-
Type:
Bug
-
Status: Done
-
Priority:
Medium
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 3.6.1
-
Component/s: Built-in functions
-
Labels:None
Description
The Str2Uid/Str2Gid functions in libpromises/conversion.c check only the first character of the provided string to see if it is a digit - if so the whole string is treated as an ID. This breaks handling of access/ownership promises for user/group names that start with a digit.
<pre><code>
- groupadd -g 3000 3p-contractor
- useradd -g 3p-contractor -u 3000 3p-contractor
- touch /tmp/testfile8
- chown 3p-contractor:3p-contractor /tmp/testfile8
- ll /tmp/testfile8
rw-rr-. 1 3p-contractor 3p-contractor 0 Jun 17 00:01 /tmp/testfile8 - cat test.cf
body common control {
bundlesequence => { "go" };
}
bundle agent go {
files:
"/tmp/testfile8"
perms => mog("0644", "3p-contractor", "3p-contractor"),
create => "true";
}
body perms mog(mode, user, group) {
owners =>
;
groups =>
;
mode => "$(mode)";
}
- cf-agent -KIf ./test.cf
2014-06-17T00:01:55+0200 info: /go/files/'/tmp/testfile8': Owner of '/tmp/testfile8' was 3000, setting to 3
2014-06-17T00:01:55+0200 info: /go/files/'/tmp/testfile8': Group of '/tmp/testfile8' was 3000, setting to 3 - ll /tmp/testfile8
rw-rr-. 1 adm sys 0 Jun 17 00:01 /tmp/testfile8 - grep ':x:3:' /etc/passwd /etc/group
/etc/passwd:adm:x:3:4:adm:/var/adm:/sbin/nologin
/etc/group:sys:x:3:bin,adm
</pre></code>
The workaround is to specify UID/GIDs rather than user/group names.
