Bug 222327

Summary: Yum Permissions issue
Product: Red Hat Enterprise Linux 5 Reporter: Red Hat Production Operations <soc>
Component: yum-rhn-pluginAssignee: Pradeep Kilambi <pkilambi>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5.0CC: duffy, jjneely, lockhart
Target Milestone: rc   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: RHBA-2008-0360 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-05-21 14:27:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
strace of command output.
none
Simple permission plugin
none
config file for simple permission plugin none

Description Red Hat Production Operations 2007-01-11 18:06:46 UTC 
Description of problem: Yum reports system is not registered with RHN, when it is.

Version-Release number of selected component (if applicable):

[root@katana ~]# rpm -qa | grep yum
yum-updatesd-3.0-5.4
yum-metadata-parser-1.0-8.fc6
yum-3.0-5.4
yum-rhn-plugin-0.2.0-2.el5
[root@katana ~]# 

How reproducible: Every time

Steps to Reproduce:
[csmith@katana ~]$ yum search gmime
Loading "installonlyn" plugin
Loading "rhnplugin" plugin
This system is not registered with RHN.
RHN support will be disabled.
Setting up repositories
Reading repository metadata in from local files
No Matches found
[csmith@katana ~]$ sudo -s
Password:
[root@katana ~]# yum search gmime
Loading "installonlyn" plugin
Loading "rhnplugin" plugin
Setting up repositories
rhel5-csb                 100% |=========================|  951 B    00:00     
rhel-i386-client-5-beta   100% |=========================|  950 B    00:00     
rhel-i386-client-workstat 100% |=========================|  950 B    00:00     
rhel-i386-client-vt-5-bet 100% |=========================|  950 B    00:00     
rhel-i386-client-suppleme 100% |=========================|  950 B    00:00     
Reading repository metadata in from local files
No Matches found
[root@katana ~]#

Additional info:

[csmith@katana ~]$ strace yum search gmime &> strace.out
[csmith@katana ~]$ cat strace.out | grep -i denied
access("/var/lib/rpm", W_OK)            = -1 EACCES (Permission denied)
access("/var/lib/rpm", W_OK)            = -1 EACCES (Permission denied)
access("/etc/sysconfig/rhn/up2date", R_OK) = -1 EACCES (Permission denied)
access("/etc/sysconfig/rhn/systemid", R_OK) = -1 EACCES (Permission denied)
open("//var/cache/yum/rhel5-csb/primary.xml.gz.sqlite",
O_RDWR|O_CREAT|O_LARGEFILE, 0644) = -1 EACCES (Permission denied)
open("//var/cache/yum/rhel5-csb/primary.xml.gz.sqlite",
O_RDWR|O_CREAT|O_LARGEFILE, 0644) = -1 EACCES (Permission denied)
access("/var/lib/rpm", W_OK)            = -1 EACCES (Permission denied)
[csmith@katana ~]$
Comment 1 Red Hat Production Operations 2007-01-11 18:06:47 UTC 
Created attachment 145375 [details]
strace of command output.
Comment 2 James Bowes 2007-01-12 15:56:47 UTC 
The config files can only be read by root (so people don't go stealing your
systemid). I guess we could check if the command is run as root (or if you can
access the files), and then instead display a message like "You don't have
sufficient permissions to access RHN"?
Comment 3 Máirín Duffy 2007-01-23 16:24:54 UTC 
error message suggestion; if you run yum as non-root:

Loading "rhnplugin" plugin
*NOTE* Red Hat Network repositories are not listed below. You must run this
command as root to access RHN repositories.
Comment 4 Michael Kearey 2007-04-02 16:30:32 UTC 
Created attachment 151444 [details]
Simple permission plugin
Comment 5 Michael Kearey 2007-04-02 16:32:20 UTC 
Created attachment 151445 [details]
config file for simple permission plugin
Comment 6 Michael Kearey 2007-04-02 16:51:25 UTC 
I encountered this problem. Found this bugzilla. I did the simple permission.py
as a quick workaround.
Probably not much use to us.
Comment 7 Red Hat Bugzilla 2007-10-26 00:51:13 UTC 
User jslagle's account has been closed
Comment 8 RHEL Program Management 2007-11-03 01:36:12 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 9 Pradeep Kilambi 2007-12-04 19:48:37 UTC 
Sending        yum-rhn-plugin/rhnplugin.py
Transmitting file data .
Committed revision 134463.
Comment 10 Clifford Perry 2007-12-10 18:43:55 UTC 
*** Bug 240326 has been marked as a duplicate of this bug. ***
Comment 13 Cameron Meadors 2008-02-14 21:10:12 UTC 
Text from comment #3 is displayed when run as non-root.
Comment 15 errata-xmlrpc 2008-05-21 14:27:09 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0360.html
Comment 16 wdc 2008-05-29 17:44:24 UTC 
I wish I had been given the opportunity to test the change before it was
codified into an Erratta release.  I'm not convinced the problem is fully resolved.

I see two issues:

1. The error message could be further refined

Although the error message now does say that one must run Yum as root,
anyone taking the time to read the entire error message will still see
the string:
RHN Support disabled.

This error message implies that yum might have de-registered the system.
Ideally that error string would NOT be displayed when Yum is run by a non-root
user.

If there are contexts where that message is useful, would a revision to
the string to be, "RHN Support unavailable" be as useful.  In this particular
context, such a string would be more accurate, and not mislead naive users
into thinking that the system has been de-registered.

2. yum whatprovides behavior seems to have changed radically with this new
version.

Previously "yum whatprovides ooffice" would give a list of packages and the
paths to all files that had "ooffice" in them.  Usefully it would tell me
what packages were responsible for providing /usr/bin/ooffice

Now, instead of a list of paths and packages I get
Error: No matching Packages to list

That seems incorrect!
Is that message a consequence of the remedy for this bug, or have we a new bug?
Comment 17 Pradeep Kilambi 2008-05-29 18:13:25 UTC 
regarding issue (2) looks like a separate bug to me. Doesn't look specific to
rhn-plugin but definitely something in yum. You're right I see the same
behavior. I would expect "yum whatprovides ooffice" to return at least the font
file paths. 

I opened a separate issue, so yum maintainer can take a peek at this:
https://bugzilla.redhat.com/show_bug.cgi?id=448955

regarding (1) I think the intent here is to say that you do not have RHN support
until its run as root.
Comment 18 wdc 2008-06-18 00:02:29 UTC 
I know what the intent is.
The problem is that the output does NOT meet with the intent!

It is extremely frustrating that I have to keep going to the Web visiting the
various Service Requests and Bugzilla Bugs and restate what a trivial usability
test would say:

"RHN Support will be disabled" can mean to  many customers that they broke
something.

"RHN Support is only available when yum is run as root" clearly states the
intent, and is the output that should be issued.

The candidate fix should have been reviewed by the PERSON REPORTING THE ERROR
BEFORE THE NEW VERSION WAS SHIPPED.  The fix is insufficient and needs to be
refined!
Comment 19 Máirín Duffy 2008-06-18 04:17:19 UTC 
Bill, we seem to have some confusion here. Do you have access to this bug's
contents?

Look at comment #3. The suggested corrected error message, which I am assuming
meets your needs (let me know if it doesn't) is written in comment #3:

"Loading "rhnplugin" plugin
*NOTE* Red Hat Network repositories are not listed below. You must run this
command as root to access RHN repositories."

You could have provided comment on that text if you had felt the need. (Although
from what you've written it seems it would have been okay with you?) 

Now look at comment #13: "Text from comment #3 is displayed when run as non-root."

So if you are not seeing the text in comment #3, this bug should not have passed
QA. Where/how are you seeing the "RHN Support disabled" text? Are you seeing
that without the corresponding text in comment #3?
Comment 20 wdc 2008-06-24 22:43:33 UTC 
Here is verbatim paste-in of the run of yum as non-root:

[wdc@wdc-rhel5-64-test ~]$ yum whatprovides /usr/bin/ooffice
Loading "security" plugin
Loading "rhnplugin" plugin
*Note* Red Hat Network repositories are not listed below. You must run this
command as root to access RHN repositories.
RHN support will be disabled.
openoffice.org-core.x86_64 : core modules for openoffice.org
[wdc@wdc-rhel5-64-test ~]$ 


"RHN support will be disabled" appears after the improved error message.
The text offered in comment #3 is fine as far as it goes, but the un-amended
text could imply that RHN support has been turned off, not that it is ready
and waiting as soon as I run yum as root.

I recommend that this text string change from:

    RHN support will be disabled

to

    RHN support is only available when yum is run as root.

or, if appropriate to simply delete that string.