Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.8.0
-
None
-
None
Description
In the current version of the ort script, trafficserver config file ownership is not changed to the ats user id. With Centos 7.2 this presents a problem if a config file is owned by root. ATS uses the link(2) system call to make backup copies of config files. In Centos 7.2, if an ats config file is owned by root, ats will fail in creating backup config files and loading new config files if the are not owned by the traffic server effective user due to security tightening under Centos 7.2. The previous Centos 6.2 behavior may be with the symlinks and hardlink system calls may be restored by setting these sysctl settings to the value shown:
CentOS sysctl settings
fs.protected_hardlinks = 0
fs.protected_symlinks = 0
In any event, the ort script should explicitly chown the ownership of config files to the effective user of trafficserver. I'll submit a PR to correct this.
Attachments
Issue Links
- relates to
-
-
- Open
-
- links to
