Bug 1130570

Summary: restarting service under nonprivileged user must fail
Product: Red Hat Enterprise Linux 6 Reporter: Radka Brychtova <rskvaril>
Component: ipsetAssignee: Thomas Woerner <twoerner>
Status: CLOSED NOTABUG QA Contact: qe-baseos-daemons
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.6CC: twoerner
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-08-26 13:22:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 888571, 1136257    

Description Radka Brychtova 2014-08-15 14:40:50 UTC 
Version-Release number of selected component (if applicable):
ipset-6.11-2.el6.x86_64


How reproducible:


Steps to Reproduce:
1.service ipset start
2.su randomUser -c 'service ipset restart'
3.

Actual results:
/etc/init.d/ipset: line 46: /etc/sysconfig/iptables-config: Permission denied
/etc/init.d/ipset: line 47: /etc/sysconfig/ip6tables-config: Permission denied
ipset v6.11: Kernel error received: Operation not permitted
rm: cannot remove `/var/lock/subsys/ipset': Permission denied
ipset v6.11: Kernel error received: Operation not permitted
ipset: Loading IP sets:                                    [  OK  ]
touch: cannot touch `/var/lock/subsys/ipset': Permission denied

Return code: 0
Expected results:
Return code: 4


Additional info:
Comment 3 Thomas Woerner 2014-08-26 13:15:25 UTC 
Fixes applied to init script altogether with suggestions from https://bugzilla.redhat.com/show_bug.cgi?id=888571#c28
Comment 4 Thomas Woerner 2014-08-26 13:22:07 UTC 

*** This bug has been marked as a duplicate of bug 888571 ***
Comment 5 Radka Brychtova 2014-08-26 13:29:25 UTC 
This ticket was merge, becase they belong to same errata.