Werk #15422: Agent Bakery: New default UNIX agent folder permissions
Component | Agent bakery | ||||||
Title | Agent Bakery: New default UNIX agent folder permissions | ||||||
Date | Mar 31, 2023 | ||||||
Level | Trivial Change | ||||||
Class | Bug Fix | ||||||
Compatibility | Incompatible - Manual interaction might be required | ||||||
Checkmk versions & editions |
|
This change will be compatible for most, if not all, users.
You are only affected if you actually make use of the (now removed) group-writable flag on agent package folders.
Normally, (especially when using the agent updater) the checkmk agent package files/folders will be installed with root ownership, while metadata of pre-existing folders won't be altered by the installation.
Hence, only customized installation methods (e.g., unpacking the tar package with a special user) may possibly run into problems with this change.
Previously, the folders of a baked UNIX agent package were packaged with octal permissions of 775.
This lead to problems in some rare cases, e.g. when storing (and using) an ssh-id under an agent folder.
This has now been changed to 755, as the agent's folders are owned by root and also installed under folders owned by root by default.
Please note that these are the permissions of the folders as they are packaged by the agent bakery.
Depending on the package manager (or tar unpack command) and the target system's umask, the installed folders may end up with other permissions.