Bug #7343
Changed t-p-s numeric UID breaks persistence.conf access rights check
100%
Description
I installed Tails 1.0, setup persistence, put some files in there. Then upgraded to a build from current experimental, restarted. Then persistence.conf
was disabled, as the ACL for that file gives access to the UID the t-p-s user had on Tails/Squeeze.
The fix seems easy: create this user with the expected, fixed UID at ISO build time.
Subtasks
Related issues
Blocks Tails - |
Resolved | 2014-05-29 |
History
#1 Updated by intrigeri 2014-05-30 08:01:30
- Description updated
Exercise for the reader: why the heck didn’t the automated test suite notice this? I should try and reproduce this with a read 1.1~beta1, first.
#2 Updated by intrigeri 2014-05-30 09:09:48
- Status changed from Confirmed to In Progress
- % Done changed from 0 to 10
- Feature Branch set to bugfix/7343-static-uids
#3 Updated by intrigeri 2014-05-30 13:30:48
- Assignee changed from intrigeri to anonym
- % Done changed from 10 to 40
- QA Check set to Ready for QA
#4 Updated by intrigeri 2014-05-30 13:33:32
- blocks
Bug #7338: NetworkManager persistence setting is not migrated added
#5 Updated by anonym 2014-06-08 16:48:24
intrigeri wrote:
> Exercise for the reader: why the heck didn’t the automated test suite notice this? I should try and reproduce this with a read 1.1~beta1, first.
When I ran the automated test suite, I couldn’t use Tails 1.0’s image as --old-iso
since essentially all images used by sikuli were updated for Wheezy So I just used a week old devel build.
#6 Updated by anonym 2014-06-12 14:39:45
- Status changed from In Progress to Fix committed
- Assignee deleted (
anonym) - % Done changed from 40 to 100
- QA Check changed from Ready for QA to Pass
#7 Updated by alant 2014-06-21 12:55:57
To manually fix that under 1.1~beta1, in addition to copying the content of the .insecure-disabled files, one shoud also change the ACLs of /live/persistence/TailsData_unlocked/ to:
user::rwx
user:tails-persistence-setup:rwx
group::rwx
mask::rwx
other::r-x
That can be achieved with the following commands as root:
setfacl -x user:htp
setfacl -m user:tails-persistence-setup:rwx
#8 Updated by intrigeri 2014-06-21 15:34:31
> To manually fix that under 1.1~beta1, in addition to copying the content of the
> .insecure-disabled files, one shoud also change the ACLs of
> /live/persistence/TailsData_unlocked/ to:
… and then you’ll have to do the opposite change when upgrading to a newer beta, or to 1.1 final.
#9 Updated by BitingBird 2014-07-22 22:55:35
- Status changed from Fix committed to Resolved