You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficcontrol.apache.org by "Dan Kirkwood (JIRA)" <ji...@apache.org> on 2017/05/16 18:02:04 UTC
[jira] [Closed] (TC-171) ort script should chown ats configuration
files.
[ https://issues.apache.org/jira/browse/TC-171?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Kirkwood closed TC-171.
---------------------------
> ort script should chown ats configuration files.
> ------------------------------------------------
>
> Key: TC-171
> URL: https://issues.apache.org/jira/browse/TC-171
> Project: Traffic Control
> Issue Type: Bug
> Components: Traffic Ops ORT
> Affects Versions: 1.8.0
> Reporter: John Rushford
> Original Estimate: 1m
> Remaining Estimate: 1m
>
> In the current version of the ort script, trafficserver config file ownership is not changed to the ats user id. With Centos 7.2 this presents a problem if a config file is owned by root. ATS uses the link(2) system call to make backup copies of config files. In Centos 7.2, if an ats config file is owned by root, ats will fail in creating backup config files and loading new config files if the are not owned by the traffic server effective user due to security tightening under Centos 7.2. The previous Centos 6.2 behavior may be with the symlinks and hardlink system calls may be restored by setting these sysctl settings to the value shown:
> CentOS sysctl settings
> fs.protected_hardlinks = 0
> fs.protected_symlinks = 0
> In any event, the ort script should explicitly chown the ownership of config files to the effective user of trafficserver. I'll submit a PR to correct this.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)