Ubuntu on EC2

ec2 images have /etc with group write

Bug #956039 reported by Jamie Strandboge on 2012-03-15

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ubuntu on EC2	Fix Released	High	Unassigned

Bug Description

Logging into EC2, I see /etc has group write:
$ ls -ld /etc
drwxrwxr-x 88 root root 4096 2012-03-15 14:02 /etc

Since this is group 'root', it is not security sensitive, however /etc should use the standard 755 and this might be indicative of a larger problem with image creation. (Debugging note: the default umask changed in 11.10).

See original description

Tags:

Jamie Strandboge (jdstrand) on 2012-03-15

tags:

added: cloud-images

Ben Howard (darkmuggle-deactivatedaccount) on 2012-03-15

Changed in ubuntu:
assignee:	nobody → Ben Howard (utlemming)

Jamie Strandboge (jdstrand) on 2012-03-15

description:

updated

Revision history for this message

Ben Howard (darkmuggle-deactivatedaccount) wrote on 2012-03-15:

It looks like this change was introduced with the switch over to Live-Build from VMBuilder. From a quick review of the code, the chmod's don't happen anywhere near /etc.

Confirmed for both Precise and Oneiric.

Changed in ubuntu:
importance:	Undecided → High

Revision history for this message

Scott Moser (smoser) wrote on 2012-03-15:

Just for information, I just rand this on my mirror of cloud-images:
$ sudo sh -c 'tmpd=$(mktemp -d); for tarball in $(find -type f -name "*server*-i386.tar.gz" | sort); do echo === "$(date +%H:%M:%S): $tarball" === ; ( cd "$tmpd" && rm -rf * && tar -Sxzf - && mkdir mp && sudo mount -o loop *.img mp && ls -ld mp/etc ) < $tarball ; ret=$?; sudo umount $tmpd/mp ; [ $ret -eq 0 ] || { echo "FAILED" ; break; } ; done 2>&1 '| tee /tmp/out.log

Attaching the output.

It seems to have come in at oneiric alpha-3.

Ben Howard (darkmuggle-deactivatedaccount) on 2012-03-27

Changed in ubuntu:
status:	New → Confirmed

Revision history for this message

Ben Howard (darkmuggle-deactivatedaccount) wrote on 2012-03-27:

Fascinating. Tracking this down was pretty tricky. The root cause is the file permissions of live-config/common/includes.chroot/etc was 0777. By chaning the permissions on the bzr branch, a non-prod test build had the proper permissions.

I push r462, which fixes this problem and am putting through a prod-test build now.
lp:~ubuntu-on-ec2/vmbuilder/automated-ec2-builds

Changed in ubuntu:
status:	Confirmed → Triaged

Revision history for this message

Ben Howard (darkmuggle-deactivatedaccount) wrote on 2012-03-28:

Fix is present in the latest dailies. Marking as fix-released.

Changed in ubuntu:
status:	Triaged → Fix Released

Mathew Hodson (mhodson) on 2016-07-15

affects:

ubuntu → ubuntu-on-ec2

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.