Bug 734851

Summary: service katello start - Permission denied
Product: Red Hat Satellite Reporter: Lukas Zapletal <lzap>
Component: PackagingAssignee: Lukas Zapletal <lzap>
Status: CLOSED CURRENTRELEASE QA Contact: Katello QA List <katello-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.0.0CC: cwelton
Target Milestone: Unspecified   
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-22 17:54:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 747354    

Description Lukas Zapletal 2011-08-31 15:54:50 UTC 
/usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/server.rb:208:in `initialize': Permission denied - /usr/share/katello/tmp/pids/server.pid (Errno::EACCES)
        from /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/server.rb:208:in `open'
        from /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/server.rb:208:in `write_pid'
        from /usr/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/server.rb:154:in `start'
        from /usr/lib/ruby/gems/1.8/gems/railties-3.0.5/lib/rails/commands/server.rb:65:in `start'
        from /usr/lib/ruby/gems/1.8/gems/railties-3.0.5/lib/rails/commands.rb:30
        from /usr/lib/ruby/gems/1.8/gems/railties-3.0.5/lib/rails/commands.rb:27:in `tap'
        from /usr/lib/ruby/gems/1.8/gems/railties-3.0.5/lib/rails/commands.rb:27
        from /usr/share/katello/script/rails:81:in `require'
        from /usr/share/katello/script/rails:81
=> Booting WEBrick
Comment 1 Lukas Zapletal 2011-08-31 15:55:35 UTC 
Do not run katello under root "by hand".

I will add check or erase pid prior starting to prevent from this behavior.
Comment 2 Lukas Zapletal 2011-08-31 16:05:07 UTC 
Implemented a simple check:

4dff421 734851 - service katello start - Permission denied

check_privilege() {
    runuser -s /bin/sh ${KATELLO_USER} -c "echo x > /dev/null" 2> /dev/null || RETVAL=4
    if [ $RETVAL = 4 ]; then
        echo "User had insufficient privilege";
        exit $RETVAL
    fi
}

Example session:

[root@dea ~]# touch /var/lib/katello/tmp/pids/server.pid

[root@dea ~]# service katello start
Incorrect permissions, please do not run katello as root
Correct permission of all log files and pid file to 'katello' user:
chown katello:katello /usr/share/katello/tmp/pids/server.pid
chown -R katello:katello /var/lib/katello

[root@dea ~]# rm /var/lib/katello/tmp/pids/server.pid
rm: remove regular empty file `/var/lib/katello/tmp/pids/server.pid'? y

[root@dea ~]# service katello start
Starting katello: ....................................
Comment 3 Corey Welton 2011-09-23 17:30:23 UTC 
QA Verified.