Bug 1063901
| Summary: | engine-config errors when used by non-root | |||
|---|---|---|---|---|
| Product: | [Retired] oVirt | Reporter: | Doron Fediuck <dfediuck> | |
| Component: | ovirt-engine-config | Assignee: | Martin Perina <mperina> | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | bugs <bugs> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 3.4 | CC: | acathrow, alonbl, bazulay, emesika, gklein, iheim, s.kieske, yeylon | |
| Target Milestone: | --- | Keywords: | Reopened | |
| Target Release: | 3.4.1 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | infra | |||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: |
Cause:
Non root user doesn't have access to default oVirt/RHEVM logging directory, so the engine-config execution failed.
Result:
Now engine-config doesn't log anything by default. If you want to allow logging you have to specify following command line arguments:
--log-file=LOG_FILE
Sets file to write logging into (if not set nothing is logged).
--log-level=LOG_LEVEL
Sets log level, one of DEBUG, INFO, WARN, ERROR (case insensitive).
--log4j-config=XML_FILE
Sets log4j.xml file which logging configuration is loaded from. This should be used only if user want to enter completely custom logging configuration (it's not needed for --log-file and --log-level arguments, but it can be combined with them)
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 1091150 (view as bug list) | Environment: | ||
| Last Closed: | 2014-05-08 13:36:10 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1091150 | |||
Setting target release to current version for consideration and review. please do not push non-RFE bugs to an undefined target release to make sure bugs are reviewed for relevancy, fix, closure, etc. This is expected, engine-config cannot be run as non root, it should access database credentials and logging. In sane packaging, this utility should have been in sbin and not bin, but we cannot fix the entire world now, it will be done at next major. Why not block non-root users? (In reply to Doron Fediuck from comment #3) > Why not block non-root users? you can, not sure why it worth effort, nor limiting root at acl based system, nor why it is better than just not write into log and have permission error when try to read config. Any of the above are better than current behavior of ugly stack trace and no explanation on the root cause of the problem. (In reply to Alon Bar-Lev from comment #4) > (In reply to Doron Fediuck from comment #3) > > Why not block non-root users? > > you can, not sure why it worth effort, nor limiting root at acl based > system, nor why it is better than just not write into log and have > permission error when try to read config. it is always better to not just put an error into a log file when an interactive program is called directly from a person. because the person might wonder what just happened and may have no clue in which log to look and may not be familiar with reading java stack traces. just make a simple check if you are running as root and display a proper warning message if not. this is old good programming practice, even in bash scripts and should not take more than 5 minutes to implement. please reopen. Please do not write to /var/log in engine-config tool. To consider: I am unsure why this tool cannot be written using simple python script... This is an automated message. Re-targeting all non-blocker bugs still open on 3.4.0 to 3.4.1. This is an automated message oVirt 3.4.1 has been released: * should fix your issue * should be available at your local mirror within two days. If problems still persist, please make note of it in this bug report. |
Description of problem: When running engine-config as non-root user, you get file access errors. Steps to Reproduce: 1. Switch to non root user 2. engine-config -l Actual results: [ovirt@vm-17-155 ~]$ engine-config -l log4j:ERROR setFile(null,true) call failed. java.io.FileNotFoundException: /var/log/ovirt-engine/engine-config.log (Permission denied) at java.io.FileOutputStream.open(Native Method) at java.io.FileOutputStream.<init>(FileOutputStream.java:221) at java.io.FileOutputStream.<init>(FileOutputStream.java:142) at org.apache.log4j.FileAppender.setFile(FileAppender.java:294) at org.apache.log4j.RollingFileAppender.setFile(RollingFileAppender.java:207) at org.apache.log4j.FileAppender.activateOptions(FileAppender.java:165) at org.apache.log4j.config.PropertySetter.activate(PropertySetter.java:307) at org.apache.log4j.xml.DOMConfigurator.parseAppender(DOMConfigurator.java:295) at org.apache.log4j.xml.DOMConfigurator.findAppenderByName(DOMConfigurator.java:176) at org.apache.log4j.xml.DOMConfigurator.findAppenderByReference(DOMConfigurator.java:191) at org.apache.log4j.xml.DOMConfigurator.parseChildrenOfLoggerElement(DOMConfigurator.java:523) at org.apache.log4j.xml.DOMConfigurator.parseRoot(DOMConfigurator.java:492) at org.apache.log4j.xml.DOMConfigurator.parse(DOMConfigurator.java:1001) at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:867) at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:773) at org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:483) at org.apache.log4j.LogManager.<clinit>(LogManager.java:127) at org.apache.log4j.Logger.getLogger(Logger.java:117) at org.ovirt.engine.core.config.EngineConfig.<clinit>(EngineConfig.java:22) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:270) at org.jboss.modules.Module.run(Module.java:247) at org.jboss.modules.Main.main(Main.java:291) log4j:ERROR setFile(null,true) call failed. java.io.FileNotFoundException: /var/log/ovirt-engine/engine-config.log (Permission denied) at java.io.FileOutputStream.open(Native Method) at java.io.FileOutputStream.<init>(FileOutputStream.java:221) at java.io.FileOutputStream.<init>(FileOutputStream.java:142) at org.apache.log4j.FileAppender.setFile(FileAppender.java:294) at org.apache.log4j.RollingFileAppender.setFile(RollingFileAppender.java:207) at org.apache.log4j.FileAppender.activateOptions(FileAppender.java:165) at org.apache.log4j.config.PropertySetter.activate(PropertySetter.java:307) at org.apache.log4j.xml.DOMConfigurator.parseAppender(DOMConfigurator.java:295) at org.apache.log4j.xml.DOMConfigurator.findAppenderByName(DOMConfigurator.java:176) at org.apache.log4j.xml.DOMConfigurator.findAppenderByReference(DOMConfigurator.java:191) at org.apache.log4j.xml.DOMConfigurator.parseChildrenOfLoggerElement(DOMConfigurator.java:523) at org.apache.log4j.xml.DOMConfigurator.parseRoot(DOMConfigurator.java:492) at org.apache.log4j.xml.DOMConfigurator.parse(DOMConfigurator.java:1001) at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:867) at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:773) at org.apache.log4j.xml.DOMConfigurator.configure(DOMConfigurator.java:901) at org.ovirt.engine.core.config.EngineConfig.initLogging(EngineConfig.java:63) at org.ovirt.engine.core.config.EngineConfig.main(EngineConfig.java:77) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.jboss.modules.Module.run(Module.java:260) at org.jboss.modules.Main.main(Main.java:291) AbortMigrationOnError: "Optionally abort an ongoing migration on any error" (Value Type: Boolean) ..... Expected results: Block non-root usage or avoid the error.