Date: Tue, 05 Mar 2024 20:14:06 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 277513] security/p5-openxpki - service script resets file permissions and ownership breaking webui Message-ID: <bug-277513-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D277513 Bug ID: 277513 Summary: security/p5-openxpki - service script resets file permissions and ownership breaking webui Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: byrnejb@harte-lyne.ca CC: svysh.fbsd@gmail.com Flags: maintainer-feedback?(svysh.fbsd@gmail.com) CC: svysh.fbsd@gmail.com FreeBSd-13.2p9 (jail) Name : p5-openxpki Version : 3.24.2 Using the service command to restart the openxpkid daemon results in permis= sion and ownership changes to files and directories that render the webui unusab= le: example: ``` for F in \ "/usr/local/etc/openxpki/webui/default.conf" \ "/usr/local/etc/openxpki/webui/" \ "/usr/local/etc/openxpki/" \ "/usr/local/etc/openxpki/config.d" \ "/usr/local/etc/openxpki/local/" \ "/var/log/openxpki/webui.log";=20 do=20 ls -ld $F;=20 done -rw-r--r-- 1 openxpki openxpki 4781 Feb 23 09:51 /usr/local/etc/openxpki/webui/default.conf drwxr-xr-x 2 openxpki openxpki 3 Feb 23 09:51 /usr/local/etc/openxpki/we= bui/ drwxr-xr-x 13 openxpki openxpki 21 Feb 23 12:37 /usr/local/etc/openxpki/ drwxr-x--- 5 openxpki openxpki 5 Feb 7 11:29 /usr/local/etc/openxpki/config.d drwxr-x--- 3 openxpki openxpki 3 Feb 7 11:50 /usr/local/etc/openxpki/lo= cal/ -rw-rw---- 1 www www 16601 Mar 5 13:00 /var/log/openxpki/webui.log openxpkictl restart Stopping OpenXPKI Stopping gracefully, 3 (sub)processes remaining... DONE. Starting OpenXPKI Community Edition v3.24.2 try/catch is experimental at /usr/local/lib/perl5/site_perl/OpenXPKI/Server/Init.pm line 103. try/catch is experimental at /usr/local/lib/perl5/site_perl/OpenXPKI/Server/Init.pm line 107. OpenXPKI Server is running and accepting requests. DONE. for F in \ "/usr/local/etc/openxpki/webui/default.conf" \ "/usr/local/etc/openxpki/webui/" \ "/usr/local/etc/openxpki/" \ "/usr/local/etc/openxpki/config.d" \ "/usr/local/etc/openxpki/local/" \ "/var/log/openxpki/webui.log";=20 do=20 ls -ld $F;=20 done -rw-r--r-- 1 openxpki openxpki 4781 Feb 23 09:51 /usr/local/etc/openxpki/webui/default.conf drwxr-xr-x 2 openxpki openxpki 3 Feb 23 09:51 /usr/local/etc/openxpki/we= bui/ drwxr-xr-x 13 openxpki openxpki 21 Feb 23 12:37 /usr/local/etc/openxpki/ drwxr-x--- 5 openxpki openxpki 5 Feb 7 11:29 /usr/local/etc/openxpki/config.d drwxr-x--- 3 openxpki openxpki 3 Feb 7 11:50 /usr/local/etc/openxpki/lo= cal/ -rw-rw---- 1 www www 16601 Mar 5 13:00 /var/log/openxpki/webui.log service openxpki onerestart Service dirs recreated... Executing: USER=3Dopenxpki /usr/local/bin/openxpkictl --config /usr/local/etc/openxpki/config.d restart Stopping OpenXPKI Stopping gracefully, 4 (sub)processes remaining... DONE. Starting OpenXPKI Community Edition v3.24.2 try/catch is experimental at /usr/local/lib/perl5/site_perl/OpenXPKI/Server/Init.pm line 103. try/catch is experimental at /usr/local/lib/perl5/site_perl/OpenXPKI/Server/Init.pm line 107. OpenXPKI Server is running and accepting requests. DONE. for F in \ "/usr/local/etc/openxpki/webui/default.conf" \ "/usr/local/etc/openxpki/webui/" \ "/usr/local/etc/openxpki/" \ "/usr/local/etc/openxpki/config.d" \ "/usr/local/etc/openxpki/local/" \ "/var/log/openxpki/webui.log";=20 do=20 ls -ld $F;=20 done -rwxr-xr-- 1 openxpki openxpki 4781 Feb 23 09:51 /usr/local/etc/openxpki/webui/default.conf drwxr-xr-- 2 openxpki openxpki 3 Feb 23 09:51 /usr/local/etc/openxpki/we= bui/ drwxr-xr-- 13 openxpki openxpki 21 Feb 23 12:37 /usr/local/etc/openxpki/ drwxr-xr-- 5 openxpki openxpki 5 Feb 7 11:29 /usr/local/etc/openxpki/config.d drwxr-xr-- 3 openxpki openxpki 3 Feb 7 11:50 /usr/local/etc/openxpki/lo= cal/ -rw-rw---- 1 openxpki openxpki 17010 Mar 5 14:57 /var/log/openxpki/webui.log ``` Using service instead of openxpkictl results in the permissions of director= ies losing the o+x capability and the owner of webui.log being changed to openxpki:openxpki from www:www. When the permissions are changed the webui fails to start and the error log= ged is: webui.fcgi: Can't open config file '/usr/local/etc/openxpki/webui/default.c= onf' (permission denied)=20 When the owner of webui.log is changed webui also fails to start and the er= ror logged is: webui.fcgi: Can't sysopen /var/log/openxpki/webui.log (Permission denied) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-277513-7788>