Using the `host-registration generate-command` with `--setup-remote-execution` on Red Hat Satellite 6.x drops the sudoers file with incorrect permissions

Solution Verified - Updated 29 Sept 2025

Environment

Satellite 6

Issue

Registering a Content Host enabling --setup-remote-execution on the generate registration command deploys invalid sudoers file permissions. Hence rexuserwon't have sudo rights.
- Example generation command
```
# hammer host-registration generate-command --activation-key 'RHEL8' --setup-remote-execution true
```
- After execute the registration command. File permissions are invalid on the Content Host:
```
# ls -l /etc/sudoers.d/rexuser                                       
rw-rr-. 1 root root 65 Sep 30 17:45 rexuser
```

Resolution

This issue has been addressed by This content is not included.remote_execution_ssh_keys template does not set proper sudoers file permissions, and fixed by RHSA-2025:4576 - Security Advisory

For more KB articles/solutions related to Red Hat Satellite 6.x Remote Execution Issues, please refer to the Red Hat Satellite Consolidated Troubleshooting Article for Red Hat Satellite 6.x Remote Execution Issues

Root Cause

The provision template /usr/share/foreman/app/views/unattended/provisioning_templates/snippet/remote_execution_ssh_keys.erb doesn't assign the right permissions to the created sudoers file.

Diagnostic Steps

visudo -c fails on the Content Host.

# visudo -c
/etc/sudoers: parsed OK
/etc/sudoers.d/rexuser: bad permissions, should be mode 0440

SBR

SysMgmt

Product(s)

Red Hat Satellite

Category

Configure

Tags

remote-execution

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.