- 3,714,551 Users
- 2,242,576 Discussions
- 7,844,931 Comments
Oracle Linux Manager file owner issues
So I have installed the Oracle Linux Manager 2.10 onto my existing (Oracle) Spacewalk 2.10.
I can clone and use spacewalk-manage-channel-lifecycle for OL7-channels without a problem. However using that tool on OL8-channels with modular data has been frustrating for a day.
The tool reposync is creating the modules-directory (in /var/satellite/rhn/modules) and runs a chown 770 on the created directories and chmod apache:apache on them.
[[email protected] modules]# pwd /var/satellite/rhn/modules drwxrwx---. 2 apache apache 91 Dec 30 14:50 dc-monthly-epel8-modular-oraclelinux8-x86_64 drwxrwx---. 2 apache apache 26 Nov 5 16:06 dc-monthly-oraclelinux8-x86_64-appstream drwxrwx---. 2 apache apache 4096 Dec 30 12:39 dc-monthly-oraclelinux8-x86_64-codeready-builder drwxrwx---. 2 apache apache 91 Dec 30 14:42 epel8-modular-oraclelinux8-x86_64 drwxrwx---. 2 apache apache 4096 Nov 30 10:45 oraclelinux8-x86_64-appstream drwxrwx---. 2 apache apache 91 Dec 30 12:38 oraclelinux8-x86_64-codeready-builder
If I run the tool spacewalk-manage-channel-lifecycle on channels with modular data, it is talking to the API in Tomcat, that is running as user tomcat.
spacewalk-manage-channel-lifecycle --clear-channel --promote <rest of options>
So the cloning (with clear) is failing in the background because the modular data copy is failing. In the code, tomcat is trying to do a chmod 770 on those modules-directories but it can't because ownership is not tomcat but apache and ownership can only be changed by the owner of the files.
If I do a chown tomcat:apache on /var/satellite/rhn/modules/*, the process works, because the user doing the chown-ing is owner of the files. This also works because I put the user tomcat in the apache-group. The process also works if I run tomcat as user root, but I don't want to do that.
Does anybody have any tips? Maybe running tomcat as user apache, but then al sorts of other things may go wrong because the use apache can't write to directories that are owned by tomcat.