Netplan generate is creating directories with incorrect permission
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Netplan |
Fix Released
|
Medium
|
Robert Malz | |||
netplan.io (Ubuntu) | Status tracked in Oracular | |||||
Jammy |
In Progress
|
Undecided
|
Robert Malz | |||
Noble |
In Progress
|
Undecided
|
Robert Malz | |||
Oracular |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[ Impact ]
* Running netplan with modified default umask (default 022, modified 027)
will cause netplan to create /run/systemd/* directories with 750 permissions.
* This will cause some backends, like systemd-network, failures during reading the configuration.
* Issue appeared after adding fix for https:/
[ Test Plan ]
* To reproduce this issue default umask needs to be changes for instance to 027
This can be done in multiple ways, like changing bashrc/
* Make sure that there is currently no netplan configuration applied eg.:
/run/
* Run "netplan apply"
* Netplan will create /run/systemd/
* This will cause issues reading files from that directory for some backends
[ Where problems could occur ]
* Targeted fix for this problem is to bring back setting umask to 022 in "netplan generate" code
* New umask should be only applied to creating directories to not bring back issues from lp1987842
* In previous implementations netplan was already setting umask 022, which was removed with lp1987842 fix
adding back introduces low risk of regression.
* Fix tested locally, no issues detected.
[ Other Info ]
* umask 027 is set during usg hardening
* In case of usg hardening, issue will not reproduce if /etc/netplan during boot process have some yaml files.
In this scenario, umask 027 is set after netplan already perform config generation.
User reporting this issue stated that in their scenario they first boot to the system and only then
move netplan config to the /etc/netplan and run netplan apply manually
Changed in netplan: | |
assignee: | nobody → Robert Malz (rmalz) |
tags: | added: sru-next |
https:/ /github. com/canonical/ netplan/ pull/497