Bug 1651876

Summary: blank permissions of /run/saslauthd after rpm --setperms
Product: Red Hat Enterprise Linux 7 Reporter: Mark Malakanov <markm>
Component: cyrus-saslAssignee: Simo Sorce <ssorce>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.6CC: anon.amish, jfch, jjelen, nmavrogi, plautrba, ssorce, vanmeeuwen+fedora
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-02-11 15:41:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mark Malakanov 2018-11-21 06:02:08 UTC 
Description of problem:
wrong (blank) permissions for /run/saslauthd in cyrus-sasl RPM.

Version-Release number of selected component (if applicable):
cyrus-sasl-2.1.26-23.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. rpm --setperms cyrus-sasl
2. ll -d /run/saslauthd
3. rpm -q --qf "[%{FILENAMES} %{FILEMODES:perms}\n]" cyrus-sasl | grep 

Actual results:
d---------. 2 root root 100 Nov 21 05:25 /run/saslauthd
/run/saslauthd ----------

Expected results:
drwxr-xr-x. 2 root root 100 Nov 21 05:25 /run/saslauthd
/run/saslauthd -rwxr-xr-x

Additional info:
Though saslauthd daemon sets correct permissions after its restart, these permissions differ with the permissions in RPM. 
This causes OSCAP scan to detect is failure of rule "Verify and Correct File Permissions with RPM" ID: xccdf_org.ssgproject.content_rule_rpm_verify_permissions
Comment 1 Jakub Jelen 2018-11-21 08:59:04 UTC 
You are using RHEL7 package and you filled a bug on Fedora. Please, clarify what system are you using
Comment 2 Mark Malakanov 2018-11-21 13:58:44 UTC 
Hi. I am using Centos 7
Comment 4 Simo Sorce 2018-12-06 16:42:52 UTC 
Sounds like all is needed is to fix the spec to say:
%ghost %attr(755, root, root) /run/saslauthd
Comment 5 Simo Sorce 2019-02-11 15:41:11 UTC 
This issue was not selected to be included either in Red Hat Enterprise Linux 7.7 because it is seen either as low or moderate impact to a small amount of use-cases. The next release will be in Maintenance Support 1 Phase, which means that qualified Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) may be released as they become available. We will now close this issue, but if you believe that it qualifies for the Maintenance Support 1 Phase, please re-open; otherwise we recommend moving the request to Red Hat Enterprise Linux 8 if applicable.