add-apt-repository creates read-only sources.list

Bug #399709 reported by zzz on 2009-07-15
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
software-properties (Ubuntu)
Undecided
Michael Vogt

Bug Description

by default `sudo add-apt-repository ppa:username` creates a file /etc/apt/sources.list.d/username-ppa-karmic.list with the default umask-based permissions which in my case on karmic left with a file readable only by root

this causes all non-superuser run apps that legitimately probe the contents of /etc/apt/sources.list to fail

e.g.,

$ apport-cli -f -p python-software-properties

*** Collecting problem information

The collected information can be sent to the developers to improve the
application. This might take a few minutes.
Traceback (most recent call last):
  File "/usr/bin/apport-cli", line 395, in <module>
    if not app.run_argv():
  File "/usr/lib/python2.6/dist-packages/apport/ui.py", line 343, in run_argv
    return self.run_report_bug()
  File "/usr/lib/python2.6/dist-packages/apport/ui.py", line 305, in run_report_bug
    self.collect_info()
  File "/usr/lib/python2.6/dist-packages/apport/ui.py", line 455, in collect_info
    icthread.exc_raise()
  File "/usr/lib/python2.6/dist-packages/apport/REThread.py", line 37, in run
    self._retval = self.__target(*self.__args, **self.__kwargs)
  File "/usr/lib/python2.6/dist-packages/apport/ui.py", line 41, in thread_collect_info
    report.add_package_info(package)
  File "/usr/lib/python2.6/dist-packages/apport/report.py", line 178, in add_package_info
    version = packaging.get_version(package)
  File "/usr/lib/python2.6/dist-packages/apport/packaging_impl.py", line 65, in get_version
    pkg = self._apt_pkg(package)
  File "/usr/lib/python2.6/dist-packages/apport/packaging_impl.py", line 58, in _apt_pkg
    return self._cache()[package]
  File "/usr/lib/python2.6/dist-packages/apport/packaging_impl.py", line 49, in _cache
    self._apt_cache = apt.Cache()
  File "/usr/lib/python2.6/dist-packages/apt/cache.py", line 66, in __init__
    self.open(progress)
  File "/usr/lib/python2.6/dist-packages/apt/cache.py", line 103, in open
    self._cache = apt_pkg.GetCache(progress)
SystemError: E:Opening /etc/apt/sources.list.d/kwwii-ppa-karmic.list - ifstream::ifstream (13 Permission denied), E:The list of sources could not be read.

add-apt-repository should be updated to ensure the resulting apt source files have been treated to a `chmod a+r username-ppa-karmic.list`

ProblemType: Bug
Architecture: i386
Date: Wed Jul 15 13:30:55 2009
DistroRelease: Ubuntu 9.10
Package: python-software-properties 0.75
PackageArchitecture: all
ProcEnviron:
 SHELL=/bin/bash
 PATH=(custom, user)
 LANG=en_GB.UTF-8
ProcVersionSignature: Ubuntu 2.6.31-3.19-generic
SourcePackage: software-properties
Uname: Linux 2.6.31-3-generic i686

zzz (oldman-deactivatedaccount) wrote :
Brian Murray (brian-murray) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. I tried recreating this using python-software-properties version 0.75 in Karmic but was unsuccessful. The file was created with '-rw-r--r-- ' permissions. Additionally, I tried executing apport-cli for that package and it did not crash for me. Is there any other information that you can provide that would help us recreate the bug report? Thanks in advance.

Changed in software-properties (Ubuntu):
status: New → Incomplete
zzz (oldman-deactivatedaccount) wrote :

Sorry, to clarify, when you run a command as sudo that creates files, it bases the permissions of these new files on the umask you have set for your current user (not the umask used by root).

Therefore, on my user account I have the umask set to 0077 which ensures that by default all new files I create are only readable by my user. So if I do `sudo touch /tmp/example` that file will be similarly created with rw only for my user.

The bug here is that add-apt-repository cannot rely on the files it creates having a particular set of permissions, as they rely on whatever the user has set their umask to, and so it should have an additional chmod step that ensures the file is readable by all

Changed in software-properties (Ubuntu):
status: Incomplete → New
zzz (oldman-deactivatedaccount) wrote :

typo in that command

In the last sentence of the second paragraph 'similarly created with rw only for my user.' should have said 'similarly created with rw only for root'

here's a simple test case

$ umask 0077
$ touch /tmp/example1
$ sudo touch /tmp/example2
$ ls -l /tmp/example*
-rw------- 1 username username 0 2009-07-16 11:39 /tmp/example1
-rw------- 1 root root 0 2009-07-16 11:39 /tmp/example2

for reference, the default umask on ubuntu is 0022, but is a fairly common action for people to customise this on multi-user machines

Michael Vogt (mvo) on 2009-07-17
Changed in software-properties (Ubuntu):
assignee: nobody → Michael Vogt (mvo)
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package software-properties - 0.75.1

---------------
software-properties (0.75.1) karmic; urgency=low

  * add-apt-repository:
    - fix typo (thanks to Brian Murray), LP: #399864
  * debian/control:
    - add Vcs-Bzr header
  * softwareproperties/SoftwareProperties.py:
    - allow removing of sources.list.d files with just a single
      line (LP: #399898)
  * add-apt-repository:
    - ensure that new files are created with 0644 by default
      (LP: #399709)

 -- Michael Vogt <email address hidden> Fri, 17 Jul 2009 17:00:34 +0200

Changed in software-properties (Ubuntu):
status: Fix Committed → Fix Released
Jarno Suni (jarnos) on 2019-09-15
description: updated
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers