Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1118313 - [PATCH] Audit daemon will not change group ownership from configuration file after SIGHUP
Summary: [PATCH] Audit daemon will not change group ownership from configuration file ...
Status: CLOSED DUPLICATE of bug 1118262
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: audit
Version: 7.0
Hardware: x86_64
OS: Linux
Target Milestone: rc
: ---
Assignee: Steve Grubb
QA Contact: BaseOS QE Security Team
Depends On: 1118262
TreeView+ depends on / blocked
Reported: 2014-07-10 12:25 UTC by Lubomir Rintel
Modified: 2016-06-29 14:39 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 1118262
Last Closed: 2016-06-29 14:39:41 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Lubomir Rintel 2014-07-10 12:25:33 UTC
Also affects el7

+++ This bug was initially created as a clone of Bug #1118262 +++

Description of problem:
If I change log_group parameter in /etc/audit/auditd.conf, according to manpage I should send SIGHUP signal to auditd process. But group owner is not changed after this call. Other paramaters like log_file are changed correctly.
Only way how can I use new configuration is call 'service auditd restart', but this is not possible on el7.

Version-Release number of selected component (if applicable):
Name        : audit
Arch        : x86_64
Version     : 2.2
Release     : 2.el6
Size        : 956 k
Repo        : installed
From repo   : sl6

How reproducible:

Steps to Reproduce:
1. change log_group in conf file
2. 'killall -s SIGHUP auditd'
3. check log file group owner

Actual results:

Expected results:

Additional info:

--- Additional comment from Lubomir Rintel on 2014-07-10 08:23:41 EDT ---

Comment 1 Lubomir Rintel 2014-07-10 12:25:46 UTC
Patch: https://bugzilla.redhat.com/attachment.cgi?id=917052

Comment 4 Adam Tkac 2016-05-17 11:35:40 UTC
May I ask you what's status of this bug?

As written on https://bugzilla.redhat.com/show_bug.cgi?id=1118262#c3, it would be very helpful for us to either accept the patch mentioned in comment #1 which fixes "killall -HUP auditd" after change of log_group parameter or mention in documentation (manpage) that after change of this parameter, auditd must be restarted and SIGHUP isn't sufficient.

Btw from my POV patch is pretty simple and admins tend to think that "if daemon supports reload via SIGHUP, I can change anything in conf and send SIGHUP and configuration will be changed". Even in this case it is chgrp...

Comment 5 Steve Grubb 2016-06-29 14:39:41 UTC
This bug is being closed as a duplicate of 1118262. Its being worked on the other bug. Thanks for reporting the issue.

*** This bug has been marked as a duplicate of bug 1118262 ***

Note You need to log in before you can comment on or make changes to this bug.