-
Bug
-
Resolution: Done-Errata
-
Normal
-
None
-
0
-
False
-
-
False
-
CLOSED
-
900
-
Platform
-
-
-
Moderate
-
No
When running the installer on a fresh system, some of the contents of the /pub directory are not accessible. Trying to download the consumer RPM from "https://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm" results in a "403 Forbidden" error. From looking at the file on the system, it seems like the installer is not setting to correct permissions on the files it generated. There isn't read access for the "apache" user:
- ll -a /var/www/html/pub
total 120
drwxr-xr-x. 2 apache apache 4096 Dec 6 01:37 .
drwxr-xr-x. 3 root root 82 Dec 5 01:28 ..
rw-rr-. 1 root root 74211 Apr 26 2022 bootstrap.py
rw------. 1 root root 12056 Nov 30 17:40 katello-ca-consumer-satellite.example.com-1.0-1.noarch.rpm
rw------. 1 root root 11312 Nov 30 17:40 katello-ca-consumer-satellite.example.com-1.0-1.src.rpm
lrwxrwxrwx. 1 root root 94 Nov 30 17:40 katello-ca-consumer-latest.noarch.rpm -> /var/www/html/pub/katello-ca-consumer-satellite.example.com-1.0-1.noarch.rpm
rwx-----. 1 root root 8240 Nov 30 17:40 katello-rhsm-consumer
rw-rr-. 1 root root 2706 Nov 30 17:40 katello-server-ca.crt
It seems to be using the default umask for the system:
- umask
0077
This can be fixed by adding global read access to the files, but it seems like the installer should be doing this.
Reproducible: Always
Steps to Reproduce:
1. Start with a fresh system
2. Have the umask set to 0077
3. Run `satellite-installer --scenario satellite`
4. Try to access "https://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm"
Actual Results:
"403 Forbidden" error
Expected Results:
RPM file is downloaded
- cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="8.9 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.9"
PLATFORM_ID="platform:el8"
- links to
-
RHBA-2024:140284 Important: Satellite 6.16.0 release