RRDTool 1.7.0 creates new files and directories with arbitrary permissions

When installing OpenNMS Horizon or Meridian and you use RRDTool there is a high chance you use version 1.7.0 which is shipped in CentOS 8 App stream. We have users who have configured OpenNMS to run as non-root in production and you will be affected by this bug.

You might be also affected when you run OpenNMS with our Docker images which run with RRDTool and non-root by default. If you run OpenNMS as root, you will just see strange RRD file permissions and everything else works just fine.

@Sortova ran in a similar issue where he described how to fix this problem in RRDtool 1.7.1 Released - Fixes Permissions Bug.

We addressed this issue in NMS-12463 where we provide the latest RRDTool 1.7.2 package for CentOS 8 from our own repository. So if you have the OpenNMS repository installed and you run dnf update you will get RRDTool upgraded from 1.7.0 to 1.7.2. For the container image users, the release of Horizon 25.1.2 will be shipped with RRDTool 1.7.2.

To get this issue fixed we have opened bugs in CentOS and Red Hat as well. If you are a Meridian customer we provide RRDTool 1.7.1 RPM packages with your Meridian repository access from 2015+ and with Meridian 2019 you can get RRDTool 1.7.2 as well.

Happy upgrading and I wish you a happy new year.

1 Like