Bug 1716934

Summary: Running insights-client as non-root gives incomprehensible error message
Product: Red Hat Enterprise Linux 8 Reporter: Stephen Gallagher <sgallagh>
Component: insights-clientAssignee: jcrafts
Status: CLOSED DUPLICATE QA Contact: Jeff Needle <jneedle>
Severity: low Docs Contact:
Priority: unspecified    
Version: 8.0   
Target Milestone: rc   
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-04 12:31:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Stephen Gallagher 2019-06-04 12:23:34 UTC 
Description of problem:
When running `insights-client` as a non-root user (such as the ec2-user on Amazon EC2), the tool exits with a cryptic (pun intended) error message "No GPG-verified eggs can be found". It works properly when run with sudo.


Version-Release number of selected component (if applicable):
insights-client-3.0.5-4.el8.noarch

How reproducible:
Every time


Steps to Reproduce:
1. Install RHEL 8 (or launch the RHEL 8 quickstart image in EC2)
2. Log in to a shell as a non-root user (e.g. ec2-user)
3. Run `insights-client --help`

Actual results:
"No GPG-verified eggs can be found"


Expected results:
The usage help should be displayed regardless of the user running it.

When using any other arguments, they expected behavior should be performed or else the system should report that it is lacking permissions and suggest running as root.

Additional info:

The specific error here appears to be because the /etc/insights-client/redhattools.pub.gpg file is: 
-r--r-----. 1 root root   1147 Apr 20  2018 redhattools.pub.gpg
meaning it is not readable by any user other than root. Which seems useless, as a GPG public key is intended, by definition, to be publicly readable.
Comment 1 Jeff Needle 2019-06-04 12:31:43 UTC 

*** This bug has been marked as a duplicate of bug 1576557 ***
Comment 2 Stephen Gallagher 2019-06-04 12:35:39 UTC 
Manually modifying that file to be world-readable allows the `--help` text to be displayed. Running the connection test (or anything else), then errors out with:

[ec2-user@ip-172-31-87-72 insights-client]$ insights-client --test-connection
ERROR: Could not read configuration file, using defaults
Traceback (most recent call last):
  File "/usr/bin/insights-client", line 11, in <module>
    load_entry_point('insights-client==3.0.5', 'console_scripts', 'insights-client')()
  File "/usr/lib/python3.6/site-packages/insights_client/__init__.py", line 114, in _main
    config['logging_file'], backupCount=3)
  File "/usr/lib64/python3.6/logging/handlers.py", line 150, in __init__
    BaseRotatingHandler.__init__(self, filename, mode, encoding, delay)
  File "/usr/lib64/python3.6/logging/handlers.py", line 57, in __init__
    logging.FileHandler.__init__(self, filename, mode, encoding, delay)
  File "/usr/lib64/python3.6/logging/__init__.py", line 1032, in __init__
    StreamHandler.__init__(self, self._open())
  File "/usr/lib64/python3.6/logging/__init__.py", line 1061, in _open
    return open(self.baseFilename, self.mode, encoding=self.encoding)
PermissionError: [Errno 13] Permission denied: '/var/log/insights-client/insights-client.log'


This should be caught and the user told that they need to run as root for these operations.