Bug 1313411 - incorrect permissions on systemd .service files
Summary: incorrect permissions on systemd .service files
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova
Version: 6.0 (Juno)
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: async
Target Release: 6.0 (Juno)
Assignee: Michal Pryc
QA Contact: Prasanth Anbalagan
URL:
Whiteboard:
Depends On:
Blocks: 1337177 1337178 1337180 1339488
Reported: 2016-03-01 14:53 UTC by GE Scott Knauss
Modified: 2019-11-14 07:31 UTC

Fixed In Version: openstack-nova-2014.2.3-73.el7ost
Doc Type: Bug Fix
Doc Text:
Clone Of:
Clones: 1337177 1337178 1337180
Environment:
RHEL 7 Openstack 6
Last Closed: 2016-06-22 11:42:30 UTC
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Bugzilla | 1351729 | 0 | unspecified | CLOSED | Configuration files are marked executable | 2021-02-22 00:41:40 UTC
Red Hat Product Errata | RHBA-2016:1280 | 0 | normal | SHIPPED_LIVE | openstack-nova bug fix advisory | 2016-06-22 15:41:55 UTC

Internal Links: 1351729

Description GE Scott Knauss 2016-03-01 14:53:37 UTC
Description of problem:

/var/log/messages is being flooded with the below messages on all nodes:
--
Feb 18 08:24:32 tb-compute-1 systemd: Configuration file /usr/lib/systemd/system/wpa_supplicant.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:24:32 tb-compute-1 systemd: Configuration file /usr/lib/systemd/system/ebtables.service is marked executable. Please remove executable permission bits. Proceeding anyway.
--

Additionally these messages are flooding on Controller nodes:
--
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-novncproxy.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-scheduler.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-api.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-metadata-api.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-console.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-consoleauth.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-xvpvncproxy.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-api.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-api.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-scheduler.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-scheduler.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-conductor.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 tb-controller-1 systemd: Configuration file /usr/lib/systemd/system/openstack-nova-conductor.service is marked executable. Please remove executable permission bits. Proceeding anyway.

Version-Release number of selected component (if applicable):

openstack-nova-2014.2.3-54.el7ost.src.rpm

How reproducible:

Steps to Reproduce:

1. Install latest nova packages for openstack 6
2. monitor logs

Actual results:

many errors in logs

Expected results:

no errors in logs

Additional info:

I've checked the spec files from all src.rpm packages from the latest openstack repo and only the openstack-nova package is installing service files with incorrect permissions. (755 vs 644)
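
An added example, not part of the original report or of the openstack-nova packaging: a shell audit that lists .service files carrying executable bits, attributes each to its owning RPM, and collapses the repeated systemd warning to one line per file. It assumes GNU find and stat; the function names, the host name and the example-*.service paths in the sample log are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit for systemd .service files that carry executable bits.
# Assumes GNU find and stat (as on RHEL 7); function names are illustrative.

# List regular *.service files directly under the given directories that
# have any execute bit set (user, group or other).
find_exec_units() {
    find "$@" -maxdepth 1 -type f -name '*.service' \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print 2>/dev/null | sort
}

# Collapse a flooded syslog stream (stdin) to "count path", one line per file.
summarize_warnings() {
    sed -n 's/.*Configuration file \(.*\) is marked executable\..*/\1/p' |
        sort | uniq -c | awk '{print $1, $2}'
}

# Print "mode owner path" per offender; owner is the RPM that ships the file,
# which points at the spec file to fix rather than at the host.
report_exec_units() {
    find_exec_units "$@" | while IFS= read -r f; do
        mode=$(stat -c '%a' "$f")
        owner="unknown"                      # rpm is not installed
        if command -v rpm >/dev/null 2>&1; then
            owner=$(rpm -qf --qf '%{NAME}\n' "$f" 2>/dev/null) || owner="unowned"
        fi
        printf '%s %s %s\n' "$mode" "$owner" "$f"
    done
}

# Constructed sample in the message format quoted in the report
# (host name and unit names are made up).
SAMPLE_LOG='Feb 18 08:26:01 host-a systemd: Configuration file /usr/lib/systemd/system/example-a.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:01 host-a systemd: Configuration file /usr/lib/systemd/system/example-b.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Feb 18 08:26:02 host-a systemd: Configuration file /usr/lib/systemd/system/example-a.service is marked executable. Please remove executable permission bits. Proceeding anyway.'

# Usage: pass --scan to report on the two standard unit directories;
# feed a log to the summary with: summarize_warnings < /var/log/messages
if [ "${1:-}" = "--scan" ]; then
    report_exec_units /usr/lib/systemd/system /etc/systemd/system
fi
```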

Comment 2 Felipe Alfaro Solana 2016-05-05 15:08:56 UTC
This also happens in RHOSP7 (Kilo). And perhaps in RHOSP8 (Liberty).

Comment 8 Alan Pevec 2016-06-09 22:32:59 UTC
rpm-master review https://review.rdoproject.org/r/1352

Comment 10 Prasanth Anbalagan 2016-06-16 20:05:16 UTC
Verified as follows - Permissions for nova .service files have been restored to 644, like other component service files. Further, no error messages were observed in nova logs.

*********
VERSION
*********

[root@serverA ~]# yum list installed | grep openstack-nova
openstack-nova-api.noarch            2014.2.3-73.el7ost      @rhelosp-6.0-puddle
openstack-nova-cert.noarch           2014.2.3-73.el7ost      @rhelosp-6.0-puddle
openstack-nova-common.noarch         2014.2.3-73.el7ost      @rhelosp-6.0-puddle
openstack-nova-compute.noarch        2014.2.3-73.el7ost      @rhelosp-6.0-puddle
openstack-nova-conductor.noarch      2014.2.3-73.el7ost      @rhelosp-6.0-puddle
openstack-nova-console.noarch        2014.2.3-73.el7ost      @rhelosp-6.0-puddle
openstack-nova-novncproxy.noarch     2014.2.3-73.el7ost      @rhelosp-6.0-puddle
openstack-nova-scheduler.noarch      2014.2.3-73.el7ost      @rhelosp-6.0-puddle

***********
LOGS
***********

[root@serverA ~]# ls -l /usr/lib/systemd/system/*openstack*service
-rw-r--r--. 1 root root 274 May 12 18:23 /usr/lib/systemd/system/openstack-ceilometer-alarm-evaluator.service
-rw-r--r--. 1 root root 274 May 12 18:23 /usr/lib/systemd/system/openstack-ceilometer-alarm-notifier.service
-rw-r--r--. 1 root root 237 May 12 18:23 /usr/lib/systemd/system/openstack-ceilometer-api.service
-rw-r--r--. 1 root root 253 May 12 18:23 /usr/lib/systemd/system/openstack-ceilometer-central.service
-rw-r--r--. 1 root root 256 May 12 18:23 /usr/lib/systemd/system/openstack-ceilometer-collector.service
-rw-r--r--. 1 root root 253 May 12 18:23 /usr/lib/systemd/system/openstack-ceilometer-compute.service
-rw-r--r--. 1 root root 274 May 12 18:23 /usr/lib/systemd/system/openstack-ceilometer-notification.service
-rw-r--r--. 1 root root 307 Feb 28 17:23 /usr/lib/systemd/system/openstack-cinder-api.service
-rw-r--r--. 1 root root 316 Feb 28 17:23 /usr/lib/systemd/system/openstack-cinder-backup.service
-rw-r--r--. 1 root root 325 Feb 28 17:23 /usr/lib/systemd/system/openstack-cinder-scheduler.service
-rw-r--r--. 1 root root 316 Feb 28 17:23 /usr/lib/systemd/system/openstack-cinder-volume.service
-rw-r--r--. 1 root root 261 Feb  5 19:25 /usr/lib/systemd/system/openstack-glance-api.service
-rw-r--r--. 1 root root 271 Feb  5 19:25 /usr/lib/systemd/system/openstack-glance-registry.service
-rw-r--r--. 1 root root 267 Feb  5 19:25 /usr/lib/systemd/system/openstack-glance-scrubber.service
-rw-r--r--. 1 root root 242 May  6 05:57 /usr/lib/systemd/system/openstack-keystone.service
-rw-r--r--. 1 root root 571 Jun 15 22:33 /usr/lib/systemd/system/openstack-losetup.service
-rw-r--r--. 1 root root 195 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-api.service
-rw-r--r--. 1 root root 197 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-cert.service
-rw-r--r--. 1 root root 267 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-compute.service
-rw-r--r--. 1 root root 207 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-conductor.service
-rw-r--r--. 1 root root 216 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-consoleauth.service
-rw-r--r--. 1 root root 209 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-console.service
-rw-r--r--. 1 root root 213 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-metadata-api.service
-rw-r--r--. 1 root root 285 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-novncproxy.service
-rw-r--r--. 1 root root 207 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-scheduler.service
-rw-r--r--. 1 root root 197 Jun  9 16:59 /usr/lib/systemd/system/openstack-nova-xvpvncproxy.service
-rw-r--r--. 1 root root 286 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-account-auditor.service
-rw-r--r--. 1 root root 264 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-account-auditor@.service
-rw-r--r--. 1 root root 247 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-account-reaper.service
-rw-r--r--. 1 root root 262 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-account-reaper@.service
-rw-r--r--. 1 root root 322 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-account-replicator.service
-rw-r--r--. 1 root root 270 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-account-replicator@.service
-rw-r--r--. 1 root root 282 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-account.service
-rw-r--r--. 1 root root 297 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-account@.service
-rw-r--r--. 1 root root 255 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-container-auditor.service
-rw-r--r--. 1 root root 270 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-container-auditor@.service
-rw-r--r--. 1 root root 265 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-container-reconciler.service
-rw-r--r--. 1 root root 328 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-container-replicator.service
-rw-r--r--. 1 root root 276 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-container-replicator@.service
-rw-r--r--. 1 root root 288 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-container.service
-rw-r--r--. 1 root root 303 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-container@.service
-rw-r--r--. 1 root root 255 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-container-updater.service
-rw-r--r--. 1 root root 270 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-container-updater@.service
-rw-r--r--. 1 root root 283 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-object-auditor.service
-rw-r--r--. 1 root root 261 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-object-auditor@.service
-rw-r--r--. 1 root root 247 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-object-expirer.service
-rw-r--r--. 1 root root 319 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-object-replicator.service
-rw-r--r--. 1 root root 267 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-object-replicator@.service
-rw-r--r--. 1 root root 279 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-object.service
-rw-r--r--. 1 root root 294 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-object@.service
-rw-r--r--. 1 root root 246 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-object-updater.service
-rw-r--r--. 1 root root 261 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-object-updater@.service
-rw-r--r--. 1 root root 276 Jan 29 09:02 /usr/lib/systemd/system/openstack-swift-proxy.service

Comment 12 errata-xmlrpc 2016-06-22 11:42:30 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1280

