Bug 684881
Summary: | In RHEL5, non-privileged users can receive incorrect service status information | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Vince Worthington <vincew> |
Component: | SysVinit | Assignee: | Petr Lautrbach <plautrba> |
Status: | CLOSED ERRATA | QA Contact: | qe-baseos-daemons |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 5.6 | CC: | azelinka, jscotka, jwest, notting, pvn, rvokal |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | SysVinit-2.86-17.el5 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-07-21 11:01:26 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Vince Worthington
2011-03-14 17:25:20 UTC
I think what you're looking for is a backport of the fix for #230829? Assigning to sysvinit. (Note that there are still occasions where non-root might get incorrect status - unreadable pid files, etc.) Hi Bill, What we'd ideally like to see is behavior like rsyslog in F14: novarese@gyrados /home/novarese/> service rsyslog status rsyslogd status unknown due to insufficient privileges. The pidof issue is just a contributing factor. The real issue here is the service scripts returning incorrect info. If the script needs privileges to return a correct status then it should output an appropriate message and exit with a non-zero code (IMO). This seems like basic fail-safe philosophy regardless of whether the LSB spec mandates any particular behavior in cases where non-root users query status or not. Thanks, --pvn That would be backporting de8b2aed329ea2e3c087bc25764fc1779a83fafc and c9486ffd2452e83dc7ffa756b509ead3db698d9f, as well as the SysVinit change. Note that this changes the return code/behavior of a couple of init.d/functions functions in that case. It *shouldn't* break anything, but... An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-1040.html |