| Summary: | NSS DB group permissions not fully respected | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Robert Bost <rbost> |
| Component: | mod_nss | Assignee: | Rob Crittenden <rcritten> |
| Status: | CLOSED ERRATA | QA Contact: | Kaleem <ksiddiqu> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.3 | CC: | adam.winberg, mharmsen, nkinder, pbajenez, rcritten |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | mod_nss-1.0.14-8.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-08-01 16:53:57 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Robert Bost
2016-11-15 16:12:53 UTC
Verified.
Pkg version:
============
[root@dhcp207-220 ~]# rpm -q mod_nss httpd
mod_nss-1.0.14-10.el7.x86_64
httpd-2.4.6-67.el7.x86_64
[root@dhcp207-220 ~]#
Console output:
===============
[root@dhcp207-220 ~]# id apache
uid=48(apache) gid=48(apache) groups=48(apache),386(ipaapi),1000(mytest)
[root@dhcp207-220 ~]# chown :mytest /etc/httpd/alias/*.db
[root@dhcp207-220 ~]# ls -la /etc/httpd/alias/
total 96
drwxr-xr-x. 2 root root 94 May 16 14:28 .
drwxr-xr-x. 6 root root 105 May 16 14:28 ..
-rw-r-----. 1 root mytest 65536 May 16 14:28 cert8.db
-rw-------. 1 root root 5274 May 16 14:28 install.log
-rw-r-----. 1 root mytest 24576 May 16 14:28 key3.db
lrwxrwxrwx. 1 root root 24 May 16 14:28 libnssckbi.so -> /usr/lib64/libnssckbi.so
-rw-r-----. 1 root mytest 16384 May 16 14:28 secmod.db
[root@dhcp207-220 ~]# systemctl start httpd
[root@dhcp207-220 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2017-05-16 14:29:20 IST; 17s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 1947 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─1947 /usr/sbin/httpd -DFOREGROUND
├─1948 /usr/libexec/nss_pcache 131074 off
├─1949 /usr/sbin/httpd -DFOREGROUND
├─1950 /usr/sbin/httpd -DFOREGROUND
├─1951 /usr/sbin/httpd -DFOREGROUND
├─1952 /usr/sbin/httpd -DFOREGROUND
└─1953 /usr/sbin/httpd -DFOREGROUND
May 16 14:29:20 dhcp207-220.testrelm.test systemd[1]: Starting The Apache HTTP Server...
May 16 14:29:20 dhcp207-220.testrelm.test systemd[1]: Started The Apache HTTP Server.
[root@dhcp207-220 ~]# groups apache
apache : apache ipaapi mytest
[root@dhcp207-220 ~]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2009 |