Opened 10 years ago

Last modified 9 years ago

#923 new defect

IZ671: sdmadm update_keystore command does not change ownership

Reported by: rhierlmeier Owned by:
Priority: normal Milestone:
Component: hedeby Version: 1.0
Severity: Keywords: security
Cc:

Description

[Imported from gridengine issuezilla http://gridengine.sunsource.net/issues/show_bug.cgi?id=671]

        Issue #:      671            Platform:     All         Reporter: rhierlmeier (rhierlmeier)
       Component:     hedeby            OS:        All
     Subcomponent:    security       Version:      1.0            CC:    None defined
        Status:       NEW            Priority:     P3
      Resolution:                   Issue type:    DEFECT
                                 Target milestone: 1.0u5next
      Assigned to:    rhierlmeier (rhierlmeier)
      QA Contact:     rhierlmeier
          URL:
       * Summary:     sdmadm update_keystore command does not change ownership
   Status whiteboard:
      Attachments:


     Issue 671 blocks:
   Votes for issue 671:     Vote for this issue


   Opened: Wed Jun 17 06:47:00 -0700 2009 
------------------------


   Description

   With the sdmadm update_keystore it is possible to update or create a keystore of
   a user
   or a daemon. The keystore is stored in the local spool directory. However the
   ownership of the newly created keystore file is not correct.

   If the command is executed as user root the resulting keystore should be owned

   o by the user in the case of a user keystore (-t user)
   o by the user under which the JVM is running (-t daemon)

   Evaluation:

   The adminstrator must change the ownership of the keystore file manually


   Analysis


   The command class StoreKeyStoreCommand implements already a chown on the
   keystore file if the owner of the keystore is specified in the constructor.
   However this does not happen. The class GetKeyStoreCliCommand passes null as
   owner to the constructor.



   How to test

   Write a testuiste test that creates a daemon and a user keystore.
   Check that

      - the owner ship of the keystore file is correct
      - the permissions of the keystore file are correct (400)
      - the keystore file is deleted if the ownership could not be changed
        (execute sdmadm uk as non root user, chown will fail)


   ATC: 0PD
   ETC: 2PD
               ------- Additional comments from rhierlmeier Wed Nov 25 07:21:12 -0700 2009 -------
   Milestone changed

Change History (0)

Note: See TracTickets for help on using tickets.