| Summary: | /var/log/tomcat6/catalina.out owned by pkiuser | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | John Dennis <jdennis> | ||||
| Component: | pki-core | Assignee: | Matthew Harmsen <mharmsen> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 6.1 | CC: | alee, benl, dpal, edewata, jgalipea, ksiddiqu | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | 693815 | Environment: | |||||
| Last Closed: | 2011-12-06 16:28:58 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Bug Depends On: | 693815 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
|
Description
John Dennis
2011-04-05 17:25:59 UTC
Background: This problem was first observed when candlepin (https://home.corp.redhat.com/wiki/entitlement-home) was being tested. Canldepin also has a tomcat6 instance. It does not appear as of the moment that candlepin server will be in RHEL 6.1. However this bug has the potential to affect any other tomcat6 instance which might get installed and as such it would be prudent to have the fix be in RHEL 6.1 even if candlepin is not in RHEL 6.1 Since RHEL 6.1 External Beta has begun, and this bug remains unresolved, it has been rejected as it is not proposed as exception or blocker. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux. What should be the ownership of the file? It should be owned by the tomcat user, e.g. $ id tomcat uid=91(tomcat) gid=91(tomcat) groups=91(tomcat) It's probably also ok if it's owned by root. Either one would be acceptable. Just as a clarification, the $TOMCAT_USER in in the above shell snippet is NOT necessarily the same as the tomcat user uid (ie. the uid of the package owner) which is what prompted the bug in the first place. The $TOMCAT_USER in the shell snippet refers to the tomcat instance owner. Created attachment 516935 [details] patch to fix This attachment replicates the changes documented via attachment 790027 [details] which has been applied and tested on the TIP. Comment on attachment 516935 [details] patch to fix This attachment replicates the changes documented via attachment 490027 [details] which has been applied and tested on the TIP. IPA_v2_RHEL_6_ERRATA_BRANCH: # cd pki # svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M base/ca/shared/conf/tomcat6.conf M base/setup/pkicreate M base/tks/shared/conf/tomcat6.conf M base/ocsp/shared/conf/tomcat6.conf M base/kra/shared/conf/tomcat6.conf # svn commit Sending base/ca/shared/conf/tomcat6.conf Sending base/kra/shared/conf/tomcat6.conf Sending base/ocsp/shared/conf/tomcat6.conf Sending base/setup/pkicreate Sending base/tks/shared/conf/tomcat6.conf Transmitting file data ..... Committed revision 2114. IPA_v2_RHEL_6_ERRATA_BRANCH: # cd pki # svn update # svn info | grep Revision Revision: 2114 Extrapolating from Bugzilla Bug #691076: ./pki/scripts/pki_patch_maker 2113 2114 pki-core 9.0.3 pki-core-9.0.3-r2114.patch Backout changes to KRA, OCSP, and TKS and reapply them back one at a time to make the creation of patches easier: # cd pki/base # svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M tks/shared/conf/tomcat6.conf M ocsp/shared/conf/tomcat6.conf M kra/shared/conf/tomcat6.conf # svn commit Sending base/kra/shared/conf/tomcat6.conf Sending base/ocsp/shared/conf/tomcat6.conf Sending base/tks/shared/conf/tomcat6.conf Transmitting file data ... Committed revision 2116. Backout changes to CA and SETUP and reapply them back to make the creation of the patches easier: Backout: # cd pki/base # svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M ca/shared/conf/tomcat6.conf M setup/pkicreate # svn commit Sending base/ca/shared/conf/tomcat6.conf Sending base/setup/pkicreate Transmitting file data .. Committed revision 2117. Reapply: # cd pki/base # svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M ca/shared/conf/tomcat6.conf M setup/pkicreate # svn commit Sending base/ca/shared/conf/tomcat6.conf Sending base/setup/pkicreate Transmitting file data .. Committed revision 2118. Recreating the 'pki-core' patch: IPA_v2_RHEL_6_ERRATA_BRANCH: # cd pki # svn update # svn info | grep Revision Revision: 2118 Extrapolating from Bugzilla Bug #691076: ./pki/scripts/pki_patch_maker 2113 2118 pki-core 9.0.3 pki-core-9.0.3-r2118.patch IPA_v2_RHEL_6_ERRATA_BRANCH: # cd pki # svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? A patches/pki-core-9.0.3-r2118.patch M specs/pki-core.spec # svn commit Adding patches/pki-core-9.0.3-r2118.patch Sending specs/pki-core.spec Transmitting file data .. Committed revision 2119. Reapply changes back to KRA to make the creation of the patch easier: # cd pki # svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M base/kra/shared/conf/tomcat6.conf # svn commit Sending base/kra/shared/conf/tomcat6.conf Transmitting file data . Committed revision 2120. Reapply changes back to OCSP to make the creation of the patch easier: # cd pki # svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M base/ocsp/shared/conf/tomcat6.conf # svn commit Sending base/ocsp/shared/conf/tomcat6.conf Transmitting file data . Committed revision 2121. Reapply changes back to TKS to make the creation of the patch easier: # cd pki # svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M base/tks/shared/conf/tomcat6.conf # svn commit Sending base/tks/shared/conf/tomcat6.conf Transmitting file data . Committed revision 2122. In regards to Comments 13, 14, and 15: The './pki/scripts/pki_patch_maker' script correctly ONLY creates patches for the following components: Usage: ./pki/scripts/pki_patch_maker <startrev> <endrev> <srpm> <basever> where: <startrev> is the starting SVN revision <endrev> is the ending SVN revision <srpm> is one of the following: ipa-pki-theme pki-core <basever> is the version of the specified <srpm> IMPORTANT: Successful use of this script relies upon separation of 'pki-core' and 'ipa-pki-theme' check-ins. All patch files automatically produced by this script should be applied and tested thoroughly before being accepted as proper patches. As a consequence of this behavior, NO patches will be created for the 'pki-kra', 'pki-ocsp', or 'pki-tks' components, AND when the next PATCH is created (e. g. - 'pki-core'), the following syntax will need to be utilized to successfully skip past the three previous check-ins: Extrapolating from Bugzilla Bug #691076: ./pki/scripts/pki_patch_maker 2122 <endref> pki-core 9.0.3 Updated 'spec' files for pki-kra, pki-ocsp, and pki-tks even though these components will never exist for RHEL 6.2: # cd pki # svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^? M specs/pki-kra.spec M specs/pki-tks.spec M specs/pki-ocsp.spec # svn commit Sending specs/pki-kra.spec Sending specs/pki-ocsp.spec Sending specs/pki-tks.spec Transmitting file data ... Committed revision 2123. Verified. Now /var/log/tomcat6/catalina is owned by tomcat. [root@dhcp201-155 tomcat6]# ls -la /var/log/tomcat6/catalina.out -rw-r--r--. 1 tomcat tomcat 0 Apr 29 2011 /var/log/tomcat6/catalina.out [root@dhcp201-155 tomcat6]# pki-ca version: pki-ca-9.0.3-20.el6.noarch Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1655.html |