Foreman » Installer

Installer doesn't set correct permissions of /pub/ files

When running the installer on a fresh system, some of the contents of the /pub directory are not accessible. Trying to download the consumer RPM from "https://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm" results in a "403 Forbidden" error. From looking at the file on the system, it seems like the installer is not setting to correct permissions on the files it generated. There isn't read access for the "apache" user:

1. ll a /var/www/html/pub
   total 120
   drwxr-xr-x. 2 apache apache 4096 Dec 6 01:37 .
   drwxr-xr-x. 3 root root 82 Dec 5 01:28 ..
   -rw-r--r-. 1 root root 74211 Apr 26 2022 bootstrap.py
   rw------. 1 root root 12056 Nov 30 17:40 katello-ca-consumer-satellite.example.com-1.0-1.noarch.rpm
   rw------. 1 root root 11312 Nov 30 17:40 katello-ca-consumer-satellite.example.com-1.0-1.src.rpm
   lrwxrwxrwx. 1 root root 94 Nov 30 17:40 katello-ca-consumer-latest.noarch.rpm > /var/www/html/pub/katello-ca-consumer-satellite.example.com-1.0-1.noarch.rpm
   -rwx-----. 1 root root 8240 Nov 30 17:40 katello-rhsm-consumer
   rw-r--r-. 1 root root 2706 Nov 30 17:40 katello-server-ca.crt

It seems to be using the default umask for the system:

1. umask
   0077

This can be fixed by adding global read access to the files, but it seems like the installer should be doing this.

Reproducible: Always

Steps to Reproduce:
1. Start with a fresh system
2. Have the umask set to 0077
3. Run `satellite-installer --scenario satellite`
4. Try to access "https://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm"
Actual Results:
"403 Forbidden" error

Expected Results:
RPM file is downloaded