Page MenuHomeVyOS Platform
Create Task
Maniphest T2834

Config rollback function is broken due lack access to the config.boot
Closed, ResolvedPublicBUG
Actions

Description

Rollback commands and the script vyatta-config-mgmt.pl --action=rollback run from the current user. Internal function cm_write_file during rollback trying to write into the /opt/vyatta/etc/config/archive/config.boot file.
But, because this file allows writing access only to the root user, operation failing and rollback cannot be done:

Permission:
-rw-r--r-- 1 root vyattacfg 1630 Aug 27 18:41 /opt/vyatta/etc/config/archive/config.boot

Error body:
Couldn't open /opt/vyatta/etc/config/archive/config.boot - Permission denied at /opt/vyatta/share/perl5/Vyatta/ConfigMgmt.pm line 108.

Affected both 1.3 and 1.2 versions.

Details

Version
1.3-rolling-202008270118. 1.2.5
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Unspecified (please specify)

Event Timeline

zsdc created this task.Aug 27 2020, 6:51 PM
zsdc changed the task status from Open to Confirmed.
zsdc triaged this task as High priority.
pasik subscribed.Aug 28 2020, 3:43 PM
Viacheslav subscribed.Oct 14 2020, 8:16 PM
Viacheslav added a comment.EditedOct 15 2020, 6:15 AM

If I do a clean install of 1.2.6-s1 from iso, the rollback works fine.
If deploy from a qcow2 image, I see a similar error.

Deployed from iso

vyos@r1-1.2.6:~$ ls -la  /opt/vyatta/etc/config/
total 36
drwxrwsr-x 8 root vyattacfg 4096 Oct 15 08:58 .
drwxr-xr-x 1 root root      4096 Sep 27 13:03 ..
drwxrwsr-x 2 root vyattacfg 4096 Oct 15 09:06 archive
drwxrwsr-x 2 root vyattacfg 4096 Sep 27 13:02 auth
-rwxrwxr-x 1 root vyattacfg 2282 Oct 15 09:03 config.boot
drwxrwsr-x 2 root vyattacfg 4096 Sep 27 13:02 scripts
drwxrwsr-x 2 root vyattacfg 4096 Sep 27 13:02 support
drwxr-sr-x 3 root vyattacfg 4096 Sep 27 13:03 url-filtering
drwxrwsr-x 2 root vyattacfg 4096 Sep 27 13:02 user-data
-rw-r--r-- 1 root vyattacfg    0 Oct 15 08:58 .vyatta_config

Deployed from qcow2

vyos@r-2.lts# ls -la  /opt/vyatta/etc/config/
total 40
drwxrwsr-x 8 root vyattacfg 4096 Oct 15 09:11 .
drwxr-xr-x 1 root root      4096 Sep 28 23:29 ..
drwxrwsr-x 2 root vyattacfg 4096 Oct 15 09:11 archive
drwxrwsr-x 2 root vyattacfg 4096 Sep 28 23:10 auth
-rw-r--r-- 1 root vyattacfg 2134 Oct 15 09:11 config.boot
-rwxr-xr-x 1 root vyattacfg  723 Oct 15 09:11 config.boot.2020-10-15-0611.pre-migration
drwxrwsr-x 2 root vyattacfg 4096 Sep 28 23:10 scripts
drwxrwsr-x 2 root vyattacfg 4096 Sep 28 23:10 support
drwxr-sr-x 3 root vyattacfg 4096 Sep 28 23:10 url-filtering
drwxrwsr-x 2 root vyattacfg 4096 Sep 28 23:10 user-data
-rw-r--r-- 1 root vyattacfg    0 Sep 28 23:29 .vyatta_config
[edit]
UnicronNL claimed this task.Oct 17 2020, 12:57 PM
UnicronNL changed the task status from Confirmed to Needs testing.Oct 17 2020, 1:27 PM
Unknown Object (User) closed this task as Resolved.Feb 4 2021, 12:01 PM
Unknown Object (User) added a project: Restricted Project.
Unknown Object (User) subscribed.

Own build crux version from 13 Jan 2021 19:08 UTC - works properly
1.2.6-S1 - works properly
1.2.6 - affected (does not works)
1.4-rolling-202102040221 - works properly
1.3-beta-202102040443 - works properly

dmbaturin removed a project: VyOS 1.3 Equuleus.Sep 10 2021, 2:38 PM
dmbaturin set Issue type to Unspecified (please specify).