Bug report: AWSEC2-ConfigureSTIG fails on AL2 if /tmp contains an item with a long user/group like webapp

0

The state association will fail with this error: "The staging directory is not currently owned by the root account. Exiting."

This is caused by the shell script not expecting a single space in between user and group. For example, Elastic Beanstalk runs as user webapp and group webapp. This causes entries created in /tmp to look like this in ls (notice the single space between webapp and webapp):

drwxr-xr-x   2 webapp webapp    6 Sep 18 01:00 uploads

The script itself is looking for entries looking like:

drwx------ 2 root   root      6 Sep 19 17:13 tmp.ZU79vTNUjs

Notice the multiple spaces between root and root.

Not using /tmp from webapp is the only fix I have found so far. Having spent many hours on this, I hope this may help someone else.

1 Answer
0

The problematic line is this one:

(ls -l /tmp/ | grep "$stagingDir" | cut -d' ' -f 3,4 | grep -E -q "^(\s*)root\s*root\s*$") || { echo The 'staging directory is not currently owned by the root account. Exiting.'; exit 1; }

The cut command is cutting the user and group apart into two different fields when the delimiter becomes a single space, breaking the following grep command.

Daniel
answered 2 years ago
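The following is an added example (it is not code from the question, the answer, or the AWSEC2-ConfigureSTIG document) that reproduces the field-splitting problem in the quoted line and shows two ownership checks that do not depend on how ls pads its columns. The three ls lines are constructed in the shape shown in the question; ls -l pads the user and group columns to the widest name in the listing, so the root-owned staging directory itself is printed with extra spaces as soon as a longer owner such as webapp appears anywhere in /tmp, and that padded line is what cut -d' ' mis-splits. The owned_by_root function assumes GNU stat (Linux).

```shell
#!/bin/sh
# Added example, not code from the question, the answer, or the
# AWSEC2-ConfigureSTIG document. Reproduces the field-splitting problem in
# the quoted check and shows two checks that ignore ls column padding.

# Constructed sample lines in the shape shown in the question. ls pads the
# user and group columns to the widest name in the listing, so the root-owned
# staging directory gains extra spaces once a longer owner such as webapp
# appears anywhere in /tmp.
LS_ROOT_PADDED='drwx------ 2 root   root      6 Sep 19 17:13 tmp.ZU79vTNUjs'
LS_ROOT_PLAIN='drwx------ 2 root root 6 Sep 19 17:13 tmp.ZU79vTNUjs'
LS_WEBAPP='drwxr-xr-x   2 webapp webapp    6 Sep 18 01:00 uploads'

# The quoted check applied to one ls line. cut -d' ' treats every single
# space as a separator, so a run of spaces yields empty fields and fields 3,4
# no longer line up with user and group. ([[:space:]] stands in for the \s
# of the original regex; GNU grep treats them as the same class.)
original_check() {
    printf '%s\n' "$1" | cut -d' ' -f 3,4 \
        | grep -E -q '^[[:space:]]*root[[:space:]]*root[[:space:]]*$'
}

# Fix 1: let awk split on runs of whitespace, so $3 and $4 are always the
# user and group regardless of padding. Exit 0 only for a root/root line.
awk_check() {
    printf '%s\n' "$1" \
        | awk '$3 == "root" && $4 == "root" { ok = 1 } END { exit ok ? 0 : 1 }'
}

# Fix 2 (preferred): do not parse ls at all. Ask stat for the numeric owner
# of the directory itself; uid 0 is root. Assumes GNU stat (Linux).
owned_by_root() {
    [ "$(stat -c '%u' "$1")" -eq 0 ]
}

# Stand-alone demonstration: the padded root line is the one the original
# check rejects, while the awk version accepts exactly the root-owned lines.
for line in "$LS_ROOT_PADDED" "$LS_ROOT_PLAIN" "$LS_WEBAPP"; do
    printf '%-68s original:%s awk:%s\n' "$line" \
        "$(original_check "$line" && echo pass || echo FAIL)" \
        "$(awk_check "$line" && echo pass || echo FAIL)"
done
```

Running the script shows the padded root line failing the original check while the plain root line passes, which is why the association breaks only when a long owner name is present in /tmp. In a hardened version of the check, stat on the staging directory is the simplest fix: it reads the owner from the inode, involves no text parsing, and is unaffected by other entries in /tmp.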
