Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1091150

Summary: engine-config errors when used by non-root
Product: Red Hat Enterprise Virtualization Manager Reporter: Martin Perina <mperina>
Component: ovirt-engine-configAssignee: Martin Perina <mperina>
Status: CLOSED CURRENTRELEASE QA Contact: Petr Matyáš <pmatyas>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.3.0CC: aberezin, acathrow, bazulay, gklein, iheim, oourfali, Rhev-m-bugs, yeylon
Target Milestone: ---   
Target Release: 3.4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: infra
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: Non root user doesn't have access to default oVirt/RHEVM logging directory, so the engine-config execution failed. Result: Now engine-config doesn't log anything by default. If you want to allow logging you have to specify following command line arguments: --log-file=LOG_FILE Sets file to write logging into (if not set nothing is logged). --log-level=LOG_LEVEL Sets log level, one of DEBUG, INFO, WARN, ERROR (case insensitive). --log4j-config=XML_FILE Sets log4j.xml file which logging configuration is loaded from. This should be used only if user want to enter completely custom logging configuration (it's not needed for --log-file and --log-level arguments, but it can be combined with them)
 Story Points: ---
Clone Of: 1063901 Environment:
Last Closed: 2014-06-12 14:05:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1063901    
Bug Blocks:    

Description Martin Perina 2014-04-25 04:02:57 UTC 
+++ This bug was initially created as a clone of Bug #1063901 +++

Description of problem:
When running engine-config as non-root user, you get file access errors.

Steps to Reproduce:
1. Switch to non root user
2. engine-config -l

Actual results:
[ovirt@vm-17-155 ~]$ engine-config -l
log4j:ERROR setFile(null,true) call failed.
java.io.FileNotFoundException: /var/log/ovirt-engine/engine-config.log (Permission denied)
        at java.io.FileOutputStream.open(Native Method)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:221)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:142)
        at org.apache.log4j.FileAppender.setFile(FileAppender.java:294)
        at org.apache.log4j.RollingFileAppender.setFile(RollingFileAppender.java:207)
        at org.apache.log4j.FileAppender.activateOptions(FileAppender.java:165)
        at org.apache.log4j.config.PropertySetter.activate(PropertySetter.java:307)
        at org.apache.log4j.xml.DOMConfigurator.parseAppender(DOMConfigurator.java:295)
        at org.apache.log4j.xml.DOMConfigurator.findAppenderByName(DOMConfigurator.java:176)
        at org.apache.log4j.xml.DOMConfigurator.findAppenderByReference(DOMConfigurator.java:191)
        at org.apache.log4j.xml.DOMConfigurator.parseChildrenOfLoggerElement(DOMConfigurator.java:523)
        at org.apache.log4j.xml.DOMConfigurator.parseRoot(DOMConfigurator.java:492)
        at org.apache.log4j.xml.DOMConfigurator.parse(DOMConfigurator.java:1001)
        at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:867)
        at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:773)
        at org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:483)
        at org.apache.log4j.LogManager.<clinit>(LogManager.java:127)
        at org.apache.log4j.Logger.getLogger(Logger.java:117)
        at org.ovirt.engine.core.config.EngineConfig.<clinit>(EngineConfig.java:22)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Class.java:270)
        at org.jboss.modules.Module.run(Module.java:247)
        at org.jboss.modules.Main.main(Main.java:291)
log4j:ERROR setFile(null,true) call failed.
java.io.FileNotFoundException: /var/log/ovirt-engine/engine-config.log (Permission denied)
        at java.io.FileOutputStream.open(Native Method)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:221)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:142)
        at org.apache.log4j.FileAppender.setFile(FileAppender.java:294)
        at org.apache.log4j.RollingFileAppender.setFile(RollingFileAppender.java:207)
        at org.apache.log4j.FileAppender.activateOptions(FileAppender.java:165)
        at org.apache.log4j.config.PropertySetter.activate(PropertySetter.java:307)
        at org.apache.log4j.xml.DOMConfigurator.parseAppender(DOMConfigurator.java:295)
        at org.apache.log4j.xml.DOMConfigurator.findAppenderByName(DOMConfigurator.java:176)
        at org.apache.log4j.xml.DOMConfigurator.findAppenderByReference(DOMConfigurator.java:191)
        at org.apache.log4j.xml.DOMConfigurator.parseChildrenOfLoggerElement(DOMConfigurator.java:523)
        at org.apache.log4j.xml.DOMConfigurator.parseRoot(DOMConfigurator.java:492)
        at org.apache.log4j.xml.DOMConfigurator.parse(DOMConfigurator.java:1001)
        at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:867)
        at org.apache.log4j.xml.DOMConfigurator.doConfigure(DOMConfigurator.java:773)
        at org.apache.log4j.xml.DOMConfigurator.configure(DOMConfigurator.java:901)
        at org.ovirt.engine.core.config.EngineConfig.initLogging(EngineConfig.java:63)
        at org.ovirt.engine.core.config.EngineConfig.main(EngineConfig.java:77)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.jboss.modules.Module.run(Module.java:260)
        at org.jboss.modules.Main.main(Main.java:291)
AbortMigrationOnError: "Optionally abort an ongoing migration on any error" (Value Type: Boolean)
.....

Expected results:
Block non-root usage or avoid the error.

--- Additional comment from Itamar Heim on 2014-02-16 03:23:39 EST ---

Setting target release to current version for consideration and review. please
do not push non-RFE bugs to an undefined target release to make sure bugs are
reviewed for relevancy, fix, closure, etc.

--- Additional comment from Alon Bar-Lev on 2014-02-20 05:13:54 EST ---

This is expected, engine-config cannot be run as non root, it should access database credentials and logging.

In sane packaging, this utility should have been in sbin and not bin, but we cannot fix the entire world now, it will be done at next major.

--- Additional comment from Doron Fediuck on 2014-02-25 11:20:31 EST ---

Why not block non-root users?

--- Additional comment from Alon Bar-Lev on 2014-02-25 11:25:12 EST ---

(In reply to Doron Fediuck from comment #3)
> Why not block non-root users?

you can, not sure why it worth effort, nor limiting root at acl based system, nor why it is better than just not write into log and have permission error when try to read config.

--- Additional comment from Doron Fediuck on 2014-02-25 11:27:55 EST ---

Any of the above are better than current behavior of ugly stack trace and no
explanation on the root cause of the problem.

--- Additional comment from Sven Kieske on 2014-02-28 10:49:27 EST ---

(In reply to Alon Bar-Lev from comment #4)
> (In reply to Doron Fediuck from comment #3)
> > Why not block non-root users?
> 
> you can, not sure why it worth effort, nor limiting root at acl based
> system, nor why it is better than just not write into log and have
> permission error when try to read config.

it is always better to not just put an error into a log file
when an interactive program is called directly from a person.
because the person might wonder what just happened and may have no
clue in which log to look and may not be familiar with reading java stack
traces.

just make a simple check if you are running as root and display a proper
warning message if not.

this is old good programming practice, even in bash scripts and should
not take more than 5 minutes to implement.

please reopen.

--- Additional comment from Alon Bar-Lev on 2014-02-28 16:18:32 EST ---

Please do not write to /var/log in engine-config tool.

To consider: I am unsure why this tool cannot be written using simple python script...

--- Additional comment from Sandro Bonazzola on 2014-03-04 04:18:20 EST ---

This is an automated message.
Re-targeting all non-blocker bugs still open on 3.4.0 to 3.4.1.
Comment 1 Martin Perina 2014-04-25 04:07:17 UTC 
Fixed In Version: org.ovirt.engine-root-3.4.0-14
Build ID: av7
Comment 2 Itamar Heim 2014-06-12 14:05:17 UTC 
Closing as part of 3.4.0