[Bug 1953610] Re: cnf-update-db creates unreadable database if wrong umask
Kellen Renshaw
1953610 at bugs.launchpad.net
Wed Feb 2 18:15:17 UTC 2022
[Test Plan]
To reproduce the issue, use the annotated steps below. Confirmed working as a reproducer for Focal and Impish. Bionic appears to use a -data package instead of building the db on "apt update"
Notes:
1) The "ubuntu" user below is unprivileged, the result of the "adduser ubuntu" command being run and accepting defaults.
2) The "lck" and "ack" commands were randomly selected as commands that were unavailable on the default Ubuntu images used by LXD.
# Confirm UMASK
grep "^UMASK" /etc/login.defs
# Set /etc/login.defs to umask 027
sed -i -e 's/^UMASK\t\t022/UMASK\t\t027/' /etc/login.defs
# Confirm
grep "^UMASK" /etc/login.defs
# Log out and back in
exit
# Log back in
# Force rebuild of DB
rm -rf /var/lib/command-not-found/*
apt update
ls -lah /var/lib/command-not-found/
# Verify failure
su - ubuntu
lck
ack
exit
## END repro
The failures expected to be seen when running the "lck" and "ack" commands are similar to:
ubuntu at lp1953610-focal:~$ ack
Sorry, command-not-found has crashed! Please file a bug report at:
https://bugs.launchpad.net/command-not-found/+filebug
Please include the following information with the report:
command-not-found version: 0.3
Python version: 3.8.10 final 0
Distributor ID: Ubuntu
Description: Ubuntu 20.04.3 LTS
Release: 20.04
Codename: focal
Exception information:
unable to open database file
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/CommandNotFound/util.py", line 23, in crash_guard
callback()
File "/usr/lib/command-not-found", line 90, in main
cnf = CommandNotFound.CommandNotFound(options.data_dir)
File "/usr/lib/python3/dist-packages/CommandNotFound/CommandNotFound.py", line 79, in __init__
self.db = SqliteDatabase(dbpath)
File "/usr/lib/python3/dist-packages/CommandNotFound/db/db.py", line 12, in __init__
self.con = sqlite3.connect(filename)
sqlite3.OperationalError: unable to open database file
A successful run should look like:
ubuntu at lp1953610-focal:~$ lck
Command 'lck' not found, did you mean:
command 'ack' from deb ack (3.3.1-1)
command 'ick' from deb intercal (30:0.30-3)
command 'lcp' from deb lsh-client (2.1-12build3)
command 'lc' from deb mono-devel (6.8.0.105+dfsg-2)
command 'lcf' from deb ucf (3.0038+nmu1)
command 'ck' from deb python3-ck (1.9.4-1.1)
Try: apt install <deb name>
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to command-not-found in Ubuntu.
https://bugs.launchpad.net/bugs/1953610
Title:
cnf-update-db creates unreadable database if wrong umask
Status in command-not-found package in Ubuntu:
Fix Released
Status in command-not-found source package in Bionic:
Confirmed
Status in command-not-found source package in Focal:
Confirmed
Status in command-not-found source package in Impish:
Confirmed
Status in command-not-found source package in Jammy:
Fix Released
Bug description:
[Impact]
If a non-default umask is set for the root user, then the database created by cnf-update-db is not readable by users.
This fix ensures databases are created with the correct permissions,
but it does not automatically reset permissions for broken databases.
[Test plan]
The umask changes have little regression potential, are tested in a smoke test, and there is a larger test suite that ensures it does not regress other bits (which again, it really shouldn't)
[Where problems could occur]
We could have the wrong umask? Admins actually liked c-n-f to crash on them?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/command-not-found/+bug/1953610/+subscriptions
More information about the foundations-bugs
mailing list