Bug 518279

Summary: logs created at startup can get wrong file mode
Product: [Retired] 389
Component: Directory Server
Version: 1.2.0
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: low
Reporter: Ulf Weltman <ulf.weltman>
Assignee: Rich Megginson <rmeggins>
QA Contact: Viktor Ashirov <vashirov>
CC: jgalipea, nkinder
Hardware: All   
OS: All   
Doc Type: Bug Fix
Last Closed: 2015-12-07 16:42:10 UTC
Bug Blocks: 434914, 519216    
Attachments (description: flags):
trivial fix proposal: none
revised patch: none

Description Ulf Weltman 2009-08-19 17:42:35 UTC
If nsslapd-errorlog-mode is set to 644, slapd is shut down, errors log removed, and slapd is started, then the new log might get permissions 600.

This is happening because the front end processing of the configuration attributes in cn=config happens in an order that can't be relied upon.  If it processes nsslapd-errorlog before nsslapd-errorlog-mode, then it creates the log file with the default permissions (600).  This is true for access and audit logs too.

Comment 1 Ulf Weltman 2009-08-19 17:44:15 UTC
Created attachment 357960
trivial fix proposal

This fix makes the function that processes the nsslapd-{access|error|audit}log-mode attribute also perform a chown, if it has already processed the nsslapd-{access|error|audit}log attribute.  If it has not yet processed the nsslapd-{access|error|audit}log attribute then it won't perform the chown since it doesn't yet know the file name of the log file, and anyway the mode will be correct when the nsslapd-{access|error|audit}log attribute is processed and the log file is opened.

A side effect of this fix is that we can now change mode on open log files on the fly.  Previously, setting nsslapd-{access|error|audit}log-mode would only affect new files but now it will also take effect for the log file currently in use.

Comment 2 Rich Megginson 2009-09-22 23:02:44 UTC
Created attachment 362149
revised patch

Comment 3 Rich Megginson 2009-09-23 13:13:41 UTC
To ssh://git.fedorahosted.org/git/389/ds.git
   60c49dd..56b9868  master -> master

commit 56b9868c2fca5a56b11a4d0a9387980b6f338835
Author: Rich Megginson <rmeggins>
Date:   Tue Sep 22 17:04:19 2009 -0600

    Reviewed by: nkinder (Thanks!)
    Fix Description: Try to apply the mode using chmod() if a log file has been specified.  If and only if the log file has not been set, or if the chmod() succeeds, apply the changes to the internal config.
    Platforms tested: RHEL5 x86_64
    Flag Day: no
    Doc impact: no
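
The ordering problem from the description and the rule stated in the commit message above, as an added example (not the 389 Directory Server code or either attached patch). The names log_cfg, set_log_mode, set_log_file and mode_after, the /tmp scratch directory, and the fchmod() call at file creation are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700  /* for mkdtemp() and fchmod() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

struct log_cfg {     /* hypothetical stand-in for one log's cn=config state */
    char path[256];  /* empty until the log file attribute is processed */
    mode_t mode;     /* starts at the 0600 default described in the report */
};

/* Handler for the -mode attribute: 0 on success, -1 if rejected. */
int set_log_mode(struct log_cfg *cfg, const char *value) {
    char *end;
    unsigned long m = strtoul(value, &end, 8);
    if (*value == '\0' || *end != '\0' || m > 0777) return -1; /* not octal */
    if (cfg->path[0] != '\0' && chmod(cfg->path, (mode_t)m) != 0)
        return -1;                    /* chmod failed: config stays unchanged */
    cfg->mode = (mode_t)m;            /* no file yet, or chmod succeeded */
    return 0;
}

/* Handler for the log file attribute: create the file with the current mode. */
int set_log_file(struct log_cfg *cfg, const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND, cfg->mode);
    if (fd < 0) return -1;
    int rc = fchmod(fd, cfg->mode);   /* do not let umask narrow the mode */
    close(fd);
    if (rc == 0) snprintf(cfg->path, sizeof cfg->path, "%s", path);
    return rc;
}

/* Process both attributes in the given order; return the permission bits. */
int mode_after(int mode_first) {
    char dir[] = "/tmp/logmode-XXXXXX", path[64];  /* constructed scratch dir */
    struct log_cfg cfg = { "", 0600 }; struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof path, "%s/errors", dir);
    if (mode_first) { set_log_mode(&cfg, "644"); set_log_file(&cfg, path); }
    else            { set_log_file(&cfg, path); set_log_mode(&cfg, "644"); }
    int rc = stat(path, &st);
    unlink(path); rmdir(dir);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

int main(void) {
    printf("mode first: %o, file first: %o\n", mode_after(1), mode_after(0));
    return 0;
}
```

Without the chmod() branch in set_log_mode, the file-first order would leave the log at 0600 while the stored configuration says 644, which is the mismatch the report describes.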

Comment 4 Jenny Severance 2010-06-07 20:16:35 UTC
verified - RHEL 4 and Solaris

version -
Solaris: 8.2.0,REV=2010.06.07.04.34.53
RHEL 4: redhat-ds-base-8.2.0-2010060704.el4dsrv


Solaris:

bash-2.05# /etc/init.d/dirsrv stop
Shutting down dirsrv: 
    sun-netra-01... SUCCESS
Solaris:
bash-2.05# rm -rf /var/log/dirsrv/slapd-sun-netra-01/*
bash-2.05# /etc/init.d/dirsrv start
Starting dirsrv: 
    sun-netra-01... SUCCESS
bash-2.05# ls -al /var/log/dirsrv/slapd-sun-netra-01/
total 12
drwxrwx---   2 nobody   nobody       512 Jun  7 16:08 .
drwxr-xr-x   4 root     other        512 Jun  7 15:59 ..
-rw-------   1 nobody   other          0 Jun  7 16:08 access
-rw-------   1 nobody   other         63 Jun  7 16:08 access.rotationinfo
-rw-------   1 nobody   other          0 Jun  7 16:08 audit
-rw-------   1 nobody   other         63 Jun  7 16:08 audit.rotationinfo
-rw-------   1 nobody   other        297 Jun  7 16:08 errors
-rw-------   1 nobody   other         63 Jun  7 16:08 errors.rotationinfo


RHEL 4:

[root@jgalipea-rhel4 ~]# ls -al /var/log/dirsrv/slapd-jgalipea-rhel4/
total 56
drwxrwx---  2 nobody nobody 4096 Jun  7 16:14 .
drwxr-xr-x  4 root   root   4096 Jun  7 04:22 ..
-rw-------  1 nobody root      0 Jun  7 16:14 access
-rw-------  1 nobody root     63 Jun  7 16:14 access.rotationinfo
-rw-------  1 nobody root      0 Jun  7 16:14 audit
-rw-------  1 nobody root     63 Jun  7 16:14 audit.rotationinfo
-rw-------  1 nobody root    388 Jun  7 16:14 errors
-rw-------  1 nobody root     63 Jun  7 16:14 errors.rotationinfo
[root@jgalipea-rhel4 ~]# service dirsrv stop
Shutting down dirsrv: 
    jgalipea-rhel4...                                      [  OK  ]
[root@jgalipea-rhel4 ~]# rm -rf /var/log/dirsrv/slapd-jgalipea-rhel4/*
[root@jgalipea-rhel4 ~]# service dirsrv start
Starting dirsrv: 
    jgalipea-rhel4...                                      [  OK  ]
[root@jgalipea-rhel4 ~]# ls -al /var/log/dirsrv/slapd-jgalipea-rhel4/
total 56
drwxrwx---  2 nobody nobody 4096 Jun  7 16:14 .
drwxr-xr-x  4 root   root   4096 Jun  7 04:22 ..
-rw-------  1 nobody root      0 Jun  7 16:14 access
-rw-------  1 nobody root     63 Jun  7 16:14 access.rotationinfo
-rw-------  1 nobody root      0 Jun  7 16:14 audit
-rw-------  1 nobody root     63 Jun  7 16:14 audit.rotationinfo
-rw-------  1 nobody root    388 Jun  7 16:14 errors
-rw-------  1 nobody root     63 Jun  7 16:14 errors.rotationinfo