Bug 738768
Summary: | initscript marked as %config incorrectly | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Don Hoover <donhoover> |
Component: | openldap | Assignee: | Jan Vcelak <jvcelak> |
Status: | CLOSED ERRATA | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 5.6 | CC: | jplans, jvcelak, omoris, ovasik, tsmetana |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | openldap-2.3.43-23.el5 | Doc Type: | Bug Fix |
Doc Text: |
- openldap-servers installed, manual modification of ldap initscript performed
- when the package is upgraded, ldap init script is not overwritten by the new version because the initscript is incorrectly marked as a configuration file
- updated specfile to reflect, that ldap initscript is not a configuration file
- upgrade of openldap-servers package will overwrite ldap initscript with a new version when there were some local modifications
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2012-02-21 05:29:02 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Don Hoover
2011-09-15 18:20:11 UTC
There were no recent changes in the ldap initscript. And looking into the source, I cannot see the place where it might happen. And I do not manage to reproduce it either. [root@rhel5 ~]# rpm -q openldap-servers openldap-servers-2.3.43-12.el5_6.5 [root@rhel5 ~]# rpm -qV openldap-servers S.5....T c /etc/openldap/slapd.conf [root@rhel5 ~]# service ldap status slapd is stopped [root@rhel5 ~]# mount | grep /tmp /dev/null on /tmp type tmpfs (rw,noexec) [root@rhel5 ~]# ll /tmp/script.sh -rwxr-xr-x 1 root root 23 Sep 16 13:58 /tmp/script.sh [root@rhel5 ~]# /tmp/script.sh -bash: /tmp/script.sh: /bin/bash: bad interpreter: Permission denied [root@rhel5 ~]# service ldap start Checking configuration files for slapd: config file testing succeeded [ OK ] Starting slapd: [ OK ] [root@rhel5 ~]# service ldap status slapd (pid 3419) is running... [root@rhel5 ~]# ps -ef | grep slapd ldap 3419 1 0 14:08 ? 00:00:00 /usr/sbin/slapd -h ldap:/// -u ldap root 3435 2739 0 14:08 pts/0 00:00:00 grep slapd [root@rhel5 ~]# I need more information: 1.) what is the version of openldap you updated from? 2.) # rpm -qV openldap-servers 3.) # sh -x /etc/init.d/ldap start You are totally correct. The offending lines in my init script on this box: ------------------------------------------------------- # Build a wrapper script to exec slapd with the right arguments, to # avoid being tripped out by changes or weirdness in how daemon() # handles quoted arguments. wrapper=`mktemp ${TMP:-/tmp}/start-slapd.XXXXXX` harg="ldap:///" if grep -q ^TLS /etc/openldap/slapd.conf || test x$SLAPD_LDAPS = xyes ; then harg="$harg ldaps:///" fi if test x$SLAPD_LDAPI = xyes ; then harg="$harg ldapi:///" fi if test -z "$wrapper" ; then return 1 fi cat >> $wrapper <<- EOF exec ${slapd} -h "$harg" -u ${user} $OPTIONS $SLAPD_OPTIONS EOF chmod u+x $wrapper trap "rm -f $wrapper" EXIT # Start daemons. echo -n $"Starting $prog: " daemon --check=$prog $wrapper ------------------------------------------------------- Granted, this system was first installed in 2008. I am guessing this is a left over from a previous version of openldap-servers. I did a "yum reinstall openldap-servers" and it did not replace the /etc/init.d/ldap script with the current one or create a .rpmnew/.rpmold file or anything like that. I am guessing this ldap init file is from a previews version of the rpm sometime in the RHEL5.x tree. However, I do think the openldap-servers package probably should be updating the initscript with its own version to handle this sort of thing and keep the init script in sync with the software. Apologies to whoever manages the CURRENT init script. FYI.. I went through the logs, this box was INSTALLED as a RHEL 5.1 and has been going strong all the way through now on RHEL 5.6. Not a bad service record, all things considered. I see in the spec that the initscript is incorrectly marked as %config. Easy fix. --- openldap.spec 29 Aug 2011 13:54:06 -0000 1.114 +++ openldap.spec 16 Sep 2011 19:40:45 -0000 @@ -842,7 +842,7 @@ %doc TOOLS.migration %doc $RPM_SOURCE_DIR/README.upgrading $RPM_SOURCE_DIR/guide.html %ghost %config %{_sysconfdir}/pki/tls/certs/slapd.pem -%attr(0755,root,root) %config %{_sysconfdir}/rc.d/init.d/ldap +%attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/ldap %attr(0640,root,ldap) %config(noreplace) %{_sysconfdir}/openldap/slapd.conf %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/ldap %attr(0640,root,ldap) %{_sysconfdir}/openldap/DB_CONFIG.example Resolved in openldap-2.3.43-23.el5 Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: - openldap-servers installed, manual modification of ldap initscript performed - when the package is upgraded, ldap init script is not overwritten by the new version because the initscript is incorrectly marked as a configuration file - updated specfile to reflect, that ldap initscript is not a configuration file - upgrade of openldap-servers package will overwrite ldap initscript with a new version when there were some local modifications Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0155.html |