Bug 618897
Summary: | rhds82 - manage cert with several instance and uid - cannot open nss db if instance created from console | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Directory Server | Reporter: | Marc Sauton <msauton> | ||||
Component: | UI - Configuration | Assignee: | Nathan Kinder <nkinder> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Viktor Ashirov <vashirov> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 8.2 | CC: | amsharma, dlackey, jgalipea, nkinder, rmeggins | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2016-05-06 14:37:10 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 434915 | ||||||
Attachments: |
|
Description
Marc Sauton
2010-07-28 01:43:24 UTC
note:
> 5. create a second instance in console, as a test, can be silent install
this step must be done in the console, not setup-ds-admin.pl
I have reproduced this issue, but I have also confirmed that this is not a regression. The same behavior is observed with RHDS 8.1. I think that we should doc this for 8.2 along with a workaround of changing the permissions, but we should target this for 9.0. Created attachment 480261 [details]
Patch
Prior to my patch, the ownership/permissions on the config directories of my two test instances looked like this (slapd-localhost was created by setup-ds-admin.pl and slapd-localhost2 was created by Console): [root@localhost ~]# ls -al /etc/dirsrv/slapd-localhost total 344 drwxrwx---. 3 slapd1 slapd 4096 Feb 22 11:32 . drwxrwxr-x. 7 root slapd 4096 Feb 22 11:39 .. -rw-rw----. 1 slapd1 slapd 65536 Feb 22 11:32 cert8.db -r--r-----. 1 slapd1 slapd 3595 Feb 22 11:32 certmap.conf -rw-------. 1 slapd1 slapd 70704 Feb 22 11:32 dse.ldif -rw-------. 1 slapd1 slapd 70067 Feb 22 11:32 dse.ldif.bak -rw-------. 1 slapd1 root 46034 Feb 22 11:32 dse.ldif.startOK -r--r-----. 1 slapd1 slapd 31500 Feb 22 11:32 dse_original.ldif -rw-rw----. 1 slapd1 slapd 16384 Feb 22 11:32 key3.db drwxrwx---. 2 slapd1 slapd 4096 Feb 22 11:32 schema -rw-rw----. 1 slapd1 slapd 16384 Feb 22 11:32 secmod.db -r--r-----. 1 slapd1 slapd 5366 Feb 22 11:32 slapd-collations.conf [root@localhost ~]# ls -al /etc/dirsrv/slapd-localhost2 total 320 drwx------. 3 slapd2 root 4096 Feb 22 11:39 . drwxrwxr-x. 7 root slapd 4096 Feb 22 11:39 .. -rw-rw----. 1 slapd2 slapd 65536 Feb 22 11:39 cert8.db -r--------. 1 slapd2 root 3595 Feb 22 11:39 certmap.conf -rw-------. 1 slapd2 slapd 58618 Feb 22 11:39 dse.ldif -rw-------. 1 slapd2 slapd 58037 Feb 22 11:39 dse.ldif.bak -rw-------. 1 slapd2 root 46697 Feb 22 11:39 dse.ldif.startOK -r--------. 1 slapd2 root 31515 Feb 22 11:39 dse_original.ldif -rw-rw----. 1 slapd2 slapd 16384 Feb 22 11:39 key3.db drwx------. 2 slapd2 root 4096 Feb 22 11:39 schema -rw-rw----. 1 slapd2 slapd 16384 Feb 22 11:39 secmod.db -r--------. 1 slapd2 root 5366 Feb 22 11:39 slapd-collations.conf After my patch, the ownership/permissions are consistent between the two instances: [root@localhost ~]# ls -al /etc/dirsrv/slapd-localhost total 344 drwxrwx---. 3 slapd1 slapd 4096 Feb 22 13:32 . drwxrwxr-x. 7 root slapd 4096 Feb 22 13:34 .. -rw-rw----. 1 slapd1 slapd 65536 Feb 22 13:32 cert8.db -r--r-----. 1 slapd1 slapd 3595 Feb 22 13:32 certmap.conf -rw-------. 1 slapd1 slapd 70704 Feb 22 13:32 dse.ldif -rw-------. 1 slapd1 slapd 70067 Feb 22 13:32 dse.ldif.bak -rw-------. 1 slapd1 root 46034 Feb 22 13:32 dse.ldif.startOK -r--r-----. 1 slapd1 slapd 31500 Feb 22 13:32 dse_original.ldif -rw-rw----. 1 slapd1 slapd 16384 Feb 22 13:32 key3.db drwxrwx---. 2 slapd1 slapd 4096 Feb 22 13:32 schema -rw-rw----. 1 slapd1 slapd 16384 Feb 22 13:32 secmod.db -r--r-----. 1 slapd1 slapd 5366 Feb 22 13:32 slapd-collations.conf [root@localhost ~]# ls -al /etc/dirsrv/slapd-localhost2 total 320 drwxrwx---. 3 slapd2 slapd 4096 Feb 22 13:34 . drwxrwxr-x. 7 root slapd 4096 Feb 22 13:34 .. -rw-rw----. 1 slapd2 slapd 65536 Feb 22 13:34 cert8.db -r--r-----. 1 slapd2 slapd 3595 Feb 22 13:34 certmap.conf -rw-------. 1 slapd2 slapd 58618 Feb 22 13:34 dse.ldif -rw-------. 1 slapd2 slapd 58037 Feb 22 13:34 dse.ldif.bak -rw-------. 1 slapd2 root 46697 Feb 22 13:34 dse.ldif.startOK -r--r-----. 1 slapd2 slapd 31515 Feb 22 13:34 dse_original.ldif -rw-rw----. 1 slapd2 slapd 16384 Feb 22 13:34 key3.db drwxrwx---. 2 slapd2 slapd 4096 Feb 22 13:34 schema -rw-rw----. 1 slapd2 slapd 16384 Feb 22 13:34 secmod.db -r--r-----. 1 slapd2 slapd 5366 Feb 22 13:34 slapd-collations.conf Pushed to master. Thanks to Rich for his review! Counting objects: 9, done. Delta compression using up to 2 threads. Compressing objects: 100% (5/5), done. Writing objects: 100% (5/5), 822 bytes, done. Total 5 (delta 4), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/admin.git 82b2fd2..f5a1e66 master -> master [root@rheltest ~]# ls -al /etc/dirsrv/slapd-rheltest total 340 drwxrwx---. 3 nobody nobody 4096 Jul 5 16:49 . drwxrwxr-x. 7 root nobody 4096 Jul 5 18:18 .. -rw-rw----. 1 nobody nobody 65536 Jul 5 16:49 cert8.db -r--r-----. 1 nobody nobody 3595 Jul 5 16:49 certmap.conf -rw-------. 1 nobody nobody 70198 Jul 5 16:49 dse.ldif -rw-------. 1 nobody nobody 69553 Jul 5 16:49 dse.ldif.bak -rw-------. 1 nobody root 45523 Jul 5 16:49 dse.ldif.startOK -r--r-----. 1 nobody nobody 31741 Jul 5 16:49 dse_original.ldif -rw-rw----. 1 nobody nobody 16384 Jul 5 16:49 key3.db drwxrwx---. 2 nobody nobody 4096 Jul 5 16:49 schema -rw-rw----. 1 nobody nobody 16384 Jul 5 16:49 secmod.db -r--r-----. 1 nobody nobody 5366 Jul 5 16:49 slapd-collations.conf [root@rheltest ~]# ls -al /etc/dirsrv/slapd-rheltest1 total 316 drwxrwx---. 3 nobody nobody 4096 Jul 5 18:18 . drwxrwxr-x. 7 root nobody 4096 Jul 5 18:18 .. -rw-rw----. 1 nobody nobody 65536 Jul 5 18:18 cert8.db -r--r-----. 1 nobody nobody 3595 Jul 5 18:18 certmap.conf -rw-------. 1 nobody nobody 57513 Jul 5 18:18 dse.ldif -rw-------. 1 nobody nobody 56932 Jul 5 18:18 dse.ldif.bak -rw-------. 1 nobody root 45594 Jul 5 18:18 dse.ldif.startOK -r--r-----. 1 nobody nobody 31808 Jul 5 18:18 dse_original.ldif -rw-rw----. 1 nobody nobody 16384 Jul 5 18:18 key3.db drwxrwx---. 2 nobody nobody 4096 Jul 5 18:18 schema -rw-rw----. 1 nobody nobody 16384 Jul 5 18:18 secmod.db -r--r-----. 1 nobody nobody 5366 Jul 5 18:18 slapd-collations.conf Hence VERIFIED |