Bug 1118313

Summary: [PATCH] Audit daemon will not change group ownership from configuration file after SIGHUP
Product: Red Hat Enterprise Linux 7 Reporter: Lubomir Rintel <lkundrak>
Component: auditAssignee: Steve Grubb <sgrubb>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low Docs Contact:
Priority: medium    
Version: 7.0CC: koudis, lkundrak, pkis, qe-baseos-security, sgrubb, vonsch
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1118262 Environment:
Last Closed: 2016-06-29 14:39:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1118262    
Bug Blocks:    

Description Lubomir Rintel 2014-07-10 12:25:33 UTC 
Also affects el7

+++ This bug was initially created as a clone of Bug #1118262 +++

Description of problem:
If I change log_group parameter in /etc/audit/auditd.conf, according to manpage I should send SIGHUP signal to auditd process. But group owner is not changed after this call. Other paramaters like log_file are changed correctly.
Only way how can I use new configuration is call 'service auditd restart', but this is not possible on el7.


Version-Release number of selected component (if applicable):
Name        : audit
Arch        : x86_64
Version     : 2.2
Release     : 2.el6
Size        : 956 k
Repo        : installed
From repo   : sl6


How reproducible:


Steps to Reproduce:
1. change log_group in conf file
2. 'killall -s SIGHUP auditd'
3. check log file group owner

Actual results:


Expected results:


Additional info:

--- Additional comment from Lubomir Rintel on 2014-07-10 08:23:41 EDT ---
Comment 1 Lubomir Rintel 2014-07-10 12:25:46 UTC 
Patch: https://bugzilla.redhat.com/attachment.cgi?id=917052
Comment 4 Adam Tkac 2016-05-17 11:35:40 UTC 
May I ask you what's status of this bug?

As written on https://bugzilla.redhat.com/show_bug.cgi?id=1118262#c3, it would be very helpful for us to either accept the patch mentioned in comment #1 which fixes "killall -HUP auditd" after change of log_group parameter or mention in documentation (manpage) that after change of this parameter, auditd must be restarted and SIGHUP isn't sufficient.

Btw from my POV patch is pretty simple and admins tend to think that "if daemon supports reload via SIGHUP, I can change anything in conf and send SIGHUP and configuration will be changed". Even in this case it is chgrp...
Comment 5 Steve Grubb 2016-06-29 14:39:41 UTC 
This bug is being closed as a duplicate of 1118262. Its being worked on the other bug. Thanks for reporting the issue.

*** This bug has been marked as a duplicate of bug 1118262 ***