[Bug 2076319] Re: Netplan generate is creating directories with incorrect permission

Lukas Märdian 2076319 at bugs.launchpad.net
Tue Aug 27 12:39:59 UTC 2024 

We might bundle this SRU for Noble with bug #2077011

** Also affects: netplan.io (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: netplan.io (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: netplan.io (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: netplan.io (Ubuntu Oracular)
   Importance: Undecided
       Status: New

** Changed in: netplan.io (Ubuntu Oracular)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to netplan.io in Ubuntu.
Matching subscriptions: foundations-bugs
https://bugs.launchpad.net/bugs/2076319

Title:
  Netplan generate is creating directories with incorrect permission

Status in Netplan:
  Fix Released
Status in netplan.io package in Ubuntu:
  Fix Released
Status in netplan.io source package in Jammy:
  New
Status in netplan.io source package in Noble:
  New
Status in netplan.io source package in Oracular:
  Fix Released

Bug description:
  [ Impact ]

   * Running netplan with modified default umask (default 022, modified 027)
     will cause netplan to create /run/systemd/* directories with 750 permissions.

   * This will cause some backends, like systemd-network, failures
  during reading the configuration.

   * Issue appeared after adding fix for
  https://bugs.launchpad.net/netplan/+bug/1987842

  [ Test Plan ]

   * To reproduce this issue default umask needs to be changes for instance to 027
     This can be done in multiple ways, like changing bashrc/login.defs/profile

   * Make sure that there is currently no netplan configuration applied eg.:
     /run/systemd/network/ should not exist

   * Run "netplan apply"
   
   * Netplan will create /run/systemd/network/ directory with 750 permissions
   
   * This will cause issues reading files from that directory for some backends

  [ Where problems could occur ]

   * Targeted fix for this problem is to bring back setting umask to 022
  in "netplan generate" code

   * New umask should be only applied to creating directories to not
  bring back issues from lp1987842

   * In previous implementations netplan was already setting umask 022, which was removed with lp1987842 fix
     adding back introduces low risk of regression.

   * Fix tested locally, no issues detected.

  [ Other Info ]
   
   * umask 027 is set during usg hardening

   * In case of usg hardening, issue will not reproduce if /etc/netplan during boot process have some yaml files.
     In this scenario, umask 027 is set after netplan already perform config generation.
     User reporting this issue stated that in their scenario they first boot to the system and only then
     move netplan config to the /etc/netplan and run netplan apply manually

To manage notifications about this bug go to:
https://bugs.launchpad.net/netplan/+bug/2076319/+subscriptions

More information about the foundations-bugs mailing list