RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Also affects el7

+++ This bug was initially created as a clone of Bug #1118262 +++

Description of problem:
If I change log_group parameter in /etc/audit/auditd.conf, according to manpage I should send SIGHUP signal to auditd process. But group owner is not changed after this call. Other paramaters like log_file are changed correctly.
Only way how can I use new configuration is call 'service auditd restart', but this is not possible on el7.


Version-Release number of selected component (if applicable):
Name        : audit
Arch        : x86_64
Version     : 2.2
Release     : 2.el6
Size        : 956 k
Repo        : installed
From repo   : sl6


How reproducible:


Steps to Reproduce:
1. change log_group in conf file
2. 'killall -s SIGHUP auditd'
3. check log file group owner

Actual results:


Expected results:


Additional info:

--- Additional comment from Lubomir Rintel on 2014-07-10 08:23:41 EDT ---

Patch: https://bugzilla.redhat.com/attachment.cgi?id=917052

May I ask you what's status of this bug?

As written on https://bugzilla.redhat.com/show_bug.cgi?id=1118262#c3, it would be very helpful for us to either accept the patch mentioned in comment #1 which fixes "killall -HUP auditd" after change of log_group parameter or mention in documentation (manpage) that after change of this parameter, auditd must be restarted and SIGHUP isn't sufficient.

Btw from my POV patch is pretty simple and admins tend to think that "if daemon supports reload via SIGHUP, I can change anything in conf and send SIGHUP and configuration will be changed". Even in this case it is chgrp...

This bug is being closed as a duplicate of 1118262. Its being worked on the other bug. Thanks for reporting the issue.

*** This bug has been marked as a duplicate of bug 1118262 ***