View Issue Details

IDProjectCategoryView StatusLast Update
0017358CentOS-7croniepublic2020-05-13 20:33
Reporterljkimmel Assigned To 
Status newResolutionopen 
Product Version7.8-2003 
Summary0017358: /var/spool/anacron/cron.* get created with incorrect permissions
DescriptionIn 7.8-2003 the anacron files get created with permissions 0644. The RPM-specified values are 0600. This is an issue when we need to perform security validation using 'rpm -V'. The files are properly created using 7.7-1908.

Both systems are created with the minimal package group with the same kickstart file. The cronie-anacron package version seems to be the same in both releases.
Steps To ReproduceInstall CentOS-7 with the 7.7-2003 DVD installer using the minimal package group.
Validate permissions on /var/spool/anacron/crontab.* (ls -l /var/spool/anacron/)
TagsNo tags attached.




2020-05-13 03:39

manager   ~0036925

I am afraid I cannot confirm this bug. On an older VM as well as on a new physical installation I get the expected 0x600:
[root@am-vpn ~]# ls -l /var/spool/anacron/
total 12
-rw-------. 1 root root 9 Apr 29 06:29 cron.daily
-rw-------. 1 root root 9 Apr 21 11:35 cron.monthly
-rw-------. 1 root root 9 Apr 29 06:49 cron.weekly

[wolfy@lappy ~]$ ll /var/spool/anacron/
total 12
-rw-------. 1 root root 9 May 10 04:14 cron.daily
-rw-------. 1 root root 9 May 10 04:53 cron.monthly
-rw-------. 1 root root 9 May 10 04:33 cron.weekly


2020-05-13 20:33

reporter   ~0036930

I actually meant 7.8-2003 DVD installer (checksum: 087a5743dc6fd6706d9b961b8147423ddc029451b938364c760d75440eb7be14). Based on your comment I thought maybe this was an artifact of performing this install via Kickstart but I just performed a minimal install using the GUI installer and got the same result (0644):

[root@localhost ~]# ls -l /var/spool/anacron/
total 0
-rw-r--r--. 1 root root 0 May 13 10:22 cron.daily
-rw-r--r--. 1 root root 0 May 13 10:22 cron.monthly
-rw-r--r--. 1 root root 0 May 13 10:22 cron.weekly

For reference I'm attaching the resulting anaconda-ks.cfg.
anaconda-ks.cfg (1,261 bytes)   
# System authorization information
auth --enableshadow --passalgo=sha512
# Use CDROM installation media
# Use graphical install
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=sda
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8

# Network information
network  --bootproto=dhcp --device=ens33 --onboot=off --ipv6=auto --no-activate
network  --hostname=localhost.localdomain

# Root password
rootpw --iscrypted $6$OrkIv3XJSarMHV.8$abjba4IlCK9EIU3y6B/64.e2dzr5oBYgphN9MrN79R2HomLlF304qmjv4X7s1IMxlCEaut5EhHFtevd.G0PKF0
# System services
services --disabled="chronyd"
# System timezone
timezone America/Chicago --isUtc --nontp
# System bootloader configuration
bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda
autopart --type=lvm
# Partition clearing information
clearpart --none --initlabel



%addon com_redhat_kdump --enable --reserve-mb='auto'


pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
anaconda-ks.cfg (1,261 bytes)   

Issue History

Date Modified Username Field Change
2020-05-12 15:02 ljkimmel New Issue
2020-05-13 03:39 ManuelWolfshant Note Added: 0036925
2020-05-13 20:33 ljkimmel File Added: anaconda-ks.cfg
2020-05-13 20:33 ljkimmel Note Added: 0036930