[Bug 2076319] Re: Netplan generate is creating directories with incorrect permission

Lukas Märdian 2076319 at bugs.launchpad.net
Mon Jan 13 11:53:26 UTC 2025 

Released to Noble (& Oracular) as of 1.1.1-1~ubuntu24.04.1 (bug
2077011), as part of the 1.1.1-1 backport.

** Changed in: netplan.io (Ubuntu Noble)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to netplan.io in Ubuntu.
Matching subscriptions: foundations-bugs
https://bugs.launchpad.net/bugs/2076319

Title:
  Netplan generate is creating directories with incorrect permission

Status in Netplan:
  Fix Released
Status in netplan.io package in Ubuntu:
  Fix Released
Status in netplan.io source package in Jammy:
  In Progress
Status in netplan.io source package in Noble:
  Fix Released
Status in netplan.io source package in Oracular:
  Fix Released

Bug description:
  [ Impact ]

   * Running netplan with modified default umask (default 022, modified 027)
     will cause netplan to create /run/systemd/* directories with 750 permissions.

   * This will cause some backends, like systemd-network, failures
  during reading the configuration.

   * Issue appeared after adding fix for
  https://bugs.launchpad.net/netplan/+bug/1987842

  [ Test Plan ]

   * To reproduce this issue default umask needs to be changes for instance to 027
     This can be done in multiple ways, like changing bashrc/login.defs/profile

   * Make sure that there is currently no netplan configuration applied eg.:
     /run/systemd/network/ should not exist

   * Run "netplan apply"
   
   * Netplan will create /run/systemd/network/ directory with 750 permissions
   
   * This will cause issues reading files from that directory for some backends

  [ Where problems could occur ]

   * Targeted fix for this problem is to bring back setting umask to 022
  in "netplan generate" code

   * New umask should be only applied to creating directories to not
  bring back issues from lp1987842

   * In previous implementations netplan was already setting umask 022, which was removed with lp1987842 fix
     adding back introduces low risk of regression.

   * Fix tested locally, no issues detected.

  [ Other Info ]
   
   * umask 027 is set during usg hardening

   * In case of usg hardening, issue will not reproduce if /etc/netplan during boot process have some yaml files.
     In this scenario, umask 027 is set after netplan already perform config generation.
     User reporting this issue stated that in their scenario they first boot to the system and only then
     move netplan config to the /etc/netplan and run netplan apply manually

To manage notifications about this bug go to:
https://bugs.launchpad.net/netplan/+bug/2076319/+subscriptions

More information about the foundations-bugs mailing list