Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
None
Description
Suggestion is that the script in the Confluence install program use rpm instead of yum to detect the fontconfig lib in the RedHat branch of the fontconfig detection script as 'rpm -q fontconfig' could be used instead of 'yum list installed fontconfig' which is used today, and when using rpm the CIS umask enhancements does not hinder the query.
The problem is that when CIS is in play the umask for root is set to 077 instead of as usual 022, and this leads to when packages are installed with yum the yum specific files (and most likely some others too) ends up having access permissions set so unprivileged users cannot use yum to detect if a package is installed. If rpm is used to detect the package there is no problem.