Bug 2107113: Fix .ssh directory not owned by core when created by Machine Config D…

[palonsoro]

Fixes BZ#2107113:

• What I did: Create the ~core/.ssh directory in advance if it didn't previously exist and chown it to core user
• How to verify it: Create a cluster without SSH keys and configure those via machine-config post-install. Before fix, ~core/.ssh user was owned by root, with this fix, it is owned by core user as expected
• Description for the changelog: Fix .ssh directory not owned by core when created by Machine Config Daemon

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

@palonsoro: This pull request references Bugzilla bug 2107113, which is invalid:

• expected the bug to target the "4.12.0" release, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 2107113: Fix .ssh directory not owned by core when created by Machine Config D…

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[palonsoro]

/bugzilla refresh

[openshift-ci]

@palonsoro: This pull request references Bugzilla bug 2107113, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.12.0) matches configured target release for branch (4.12.0)
• bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @rioliu-rh

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[palonsoro]

/assign @sinnykumari

[yuqi-zhang]

Generally seems fine, will also let others have a chance to take a look

Thanks for the fix!

[cgwalters]

This introduces a race condition - if we're interrupted between creating the directory and calling chown(), the directory will remain owned by root forever.

More generally, privileged code operating on directories owned by unprivileged users is full of huge traps. For example, assuming the core user has sudo permissions removed, this might be subject to symlink attacks.

Both of these issues can be fixed by switching to the core user temporarily. While it's possible to use low-level kernel APIs for this, in this case I'd say it's a lot simpler to fork off this as a subprocess: runuser -u core -- mkdir -m 0700 -p ~/.ssh.

[cgwalters]

Really this applies anywhere in the MCO we want to write files that are in directories owned by lesser privileged users - but the core user ssh keys are probably the only case.

[palonsoro]

I have changed the code with runuser. Now testing...

[palonsoro]

Tested. It worked on my test scenario. Code now just calls runuser -u core -- mkdir -m 0070 -p /home/core/.ssh

[palonsoro]

/hold

[palonsoro]

Tested. It worked

[palonsoro]

/unhold

[palonsoro]

/retest-required

[palonsoro]

/retest

[sinnykumari]

it took a while to get back to this PR.
/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: palonsoro, sinnykumari, yuqi-zhang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [sinnykumari,yuqi-zhang]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[palonsoro]

/retest-required

[openshift-ci-robot]

/retest-required

Remaining retests: 2 against base HEAD f21482c and 8 for PR HEAD 71e88ad in total

[openshift-ci-robot]

/retest-required

Remaining retests: 1 against base HEAD f21482c and 7 for PR HEAD 71e88ad in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD f21482c and 6 for PR HEAD 71e88ad in total

[openshift-ci]

@palonsoro: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-ci]

@palonsoro: All pull requests linked via external trackers have merged:

• openshift/machine-config-operator#3250

Bugzilla bug 2107113 has been moved to the MODIFIED state.

In response to this:

Bug 2107113: Fix .ssh directory not owned by core when created by Machine Config D…

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[palonsoro]

/cherry-pick release-4.11

[openshift-cherrypick-robot]

@palonsoro: new pull request created: #3307

In response to this:

/cherry-pick release-4.11

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.