Bug 676044

Summary: ipactl status: non-root use gets bogus information and some error trace information
Product: [Retired] freeIPA Reporter: Yi Zhang <yzhang>
Component: ipa-serverAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: low Docs Contact:
Priority: unspecified    
Version: 2.0CC: benl, dpal, jgalipea
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: freeipa-2.1.0-1.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-27 07:22:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Yi Zhang 2011-02-08 17:24:31 UTC 
Description of problem:

When run "ipactl status" as non-root user, I get the following output:
[yi@works4me ~]$ ipactl status
Directory Service: STOPPED
Error retrieving list of services {'info': 'SASL EXTERNAL bind requires an SSL connection', 'desc': 'Inappropriate authentication'}
Is IPA installed ?
Failed to get list of services to probe status



When I run same command as root (via sudo), I get the following:

[yi@works4me ~]$ sudo ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING


Personal opinion: (because I don't see a general guideline anywhere)

1. the status output for Directory server is wrong
2. error trace information shouldn't be there
3. should not ask "Is IPA installed" if there is permission problem

Version-Release number of selected component (if applicable):freeipa-server-2.0-0.2011020119gitec59e61.fc14.i686


How reproducible: always


Steps to Reproduce:
1. just run "ipactl status" as regular unix user
Comment 1 Dmitri Pal 2011-02-08 17:30:48 UTC 
Didn't we already have this issue reported?
Comment 2 Dmitri Pal 2011-02-09 14:49:00 UTC 
https://fedorahosted.org/freeipa/ticket/936
Comment 6 Rob Crittenden 2011-02-15 17:45:37 UTC 
Note that /sbin/service dirsrv status returns similar results:

/etc/sysconfig/dirsrv: line 50: ulimit: open files: cannot modify limit: Operation not permitted
dirsrv GREYOAK-COM is stopped
dirsrv PKI-IPA is stopped
/etc/sysconfig/dirsrv: line 50: ulimit: open files: cannot modify limit: Operation not permitted
dirsrv GREYOAK-COM is stopped
dirsrv PKI-IPA is stopped

We can't really do much better than the underlying services.

This is not a trace, it is just an ugly log message.
Comment 7 Dmitri Pal 2011-02-23 20:13:37 UTC 
master: aab27a76e2d847533aab7632c657aa88fdd86f7a
Comment 8 Jenny Severance 2011-03-01 20:30:16 UTC 
Verified

version:
ipa-server-2.0.0-13.20110228T1743zgit99d6e08.el6.x86_64

-sh-4.1$ ipactl status

You must be root to run ipactl.

-sh-4.1$ echo $?
1