Bug 782925

Summary: ipa-client-install fails when not run as root
Product: Red Hat Enterprise Linux 6 Reporter: Dmitri Pal <dpal>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.3CC: jgalipea, ksiddiqu, mkosek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-2.2.0-1.el6 Doc Type: Bug Fix
Doc Text:
No documentation needed.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-20 13:29:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dmitri Pal 2012-01-18 21:13:09 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2123

ipa-client-install fails when not run as root and returns traceback

reproducible:
run ipa-client-install without root privileges


{{{
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 1282, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 1247, in main
    logging_setup(options)
  File "/usr/sbin/ipa-client-install", line 142, in logging_setup
    filemode='w')
  File "/usr/lib64/python2.7/logging/__init__.py", line 1511, in basicConfig
    hdlr = FileHandler(filename, mode)
  File "/usr/lib64/python2.7/logging/__init__.py", line 893, in __init__
    StreamHandler.__init__(self, self._open())
  File "/usr/lib64/python2.7/logging/__init__.py", line 912, in _open
    stream = open(self.baseFilename, self.mode)
IOError: [Errno 13] Permission denied: '/var/log/ipaclient-install.log'
}}}

It tries to initialize/write a log file in '/var/log/...' before it's checked whether the user is root.

Could be easily solved by moving the 'root check' before log file initialization.
Comment 1 Martin Kosek 2012-01-19 09:53:30 UTC 
Fixed upstream:

master: bf57388e54261874f3a4c8d77de4e7993f7f62ed
ipa-2-1: 9eb703f408b01ece30e57e844bc533e3e459fb2c
Comment 3 Kaleem 2012-04-19 13:53:52 UTC 
Verified.

Now traceback is not there and only error message is displayed.


[testuser@dhcp201-184 ~]$ ipa-client-install --domain=testrelm.com --realm=TESTRELM.COM -p admin -w Secret123 -U --server=ipa63server.testrelm.com

You must be root to run ipa-client-install.

[testuser@dhcp201-184 ~]$ rpm -q ipa-client
ipa-client-2.2.0-10.el6.x86_64
[testuser@dhcp201-184 ~]$
Comment 5 Martin Kosek 2012-04-20 11:02:19 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.
Comment 7 errata-xmlrpc 2012-06-20 13:29:45 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html