authentication files for private ppas being written out with overly restrictive permissions

Bug #676738 reported by Michael Barnett on 2010-11-17
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Launchpad itself
Critical
Jelmer Vernooij

Bug Description

.htpasswd files are now being written out with 0600 permissions instead of 0644. This breaks authentication as the process that verifies access is no longer able to open the access file to check a user's credentials. I have verified that this occurs when a subscription is altered. I did not check to see if there is any different behaviour when the subscription is initially set up. (I don't believe there would be, but i include this for completeness.)

Related branches

Changed in soyuz:
importance: Undecided → Critical
Ian Booth (wallyworld) wrote :

A cowboy has been deployed - see

https://code.edge.launchpad.net/~wallyworld/launchpad/htpasswd-access-permissions/+merge/41115

A better longer term solution may be required due to the fact that the reason for the code being the way it is is non obvious and the change which broke stuff didn't look out of place.

Jelmer Vernooij (jelmer) on 2010-11-18
Changed in soyuz:
status: New → Triaged
assignee: nobody → Jelmer Vernooij (jelmer)
Robert Collins (lifeless) wrote :

Where is this at? We've still got germanium cowboyed..

Changed in soyuz:
status: Triaged → In Progress
Changed in soyuz:
milestone: none → 10.12
tags: added: qa-needstesting
Changed in soyuz:
status: In Progress → Fix Committed
Jelmer Vernooij (jelmer) on 2010-12-01
tags: added: qa-ok
removed: qa-needstesting
Curtis Hovey (sinzui) on 2010-12-08
Changed in soyuz:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers