Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1364113 - ipa-password: ipa: ERROR: RuntimeError: Unable to create cache directory: [Errno 13] Permission denied: '/home/test_user'
ipa-password: ipa: ERROR: RuntimeError: Unable to create cache directory: [Er...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa (Show other bugs)
7.3
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: IPA Maintainers
Kaleem
Aneta Šteflová Petrová
: Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-08-04 09:49 EDT by Sudhir Menon
Modified: 2016-11-04 02:00 EDT (History)
3 users (show)

See Also:
Fixed In Version: ipa-4.4.0-8.el7
Doc Type: Bug Fix
Doc Text:
`ipa` commands no longer fail when the user does not have a home directory in IdM Previously, when Identity Management (IdM) was unable to create a cache directory at `~/.cache/ipa` in the home directory, all `ipa` commands failed. This situation occurred, for example, when the user did not have a home directory. With this update, IdM is able to continue working even when it cannot create or access the cache. Note that in such situations, `ipa` commands can take a long time to complete because all metadata must be downloaded repeatedly.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-04 02:00:15 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2404 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 09:56:18 EDT

  None (edit)
Description Sudhir Menon 2016-08-04 09:49:22 EDT 
Description of problem: ERROR: RuntimeError: Unable to create cache directory: [Errno 13] Permission denied: '/home/test_user'


Version-Release number of selected component (if applicable):
ipa-server-4.4.0-4.el7.x86_64

How reproducible:Always

Steps to Reproduce:
ipa-password module throws permission denied error.

Actual results:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: grouppolicy check length maximum value
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 02:02:28 ] :: check upper bound of length setting
        |:: [ 02:02:29 ] :: [Local_KinitAsAdmin] success
        |:: [  BEGIN   ] :: create group [test_group], desc=[test group] :: actually running 'ipa group-add test_group --desc "test group"'
        |------------------------
        |Added group "test_group"
        |------------------------
        |  Group name: test_group
        |  Description: test group
        |  GID: 1066000105
        |:: [   PASS   ] :: create group [test_group], desc=[test group] (Expected 0, got 0)
:: [ 02:02:33 ] :: [Local_KinitAsAdmin] success
ipa: ERROR: test_group: password policy not found
:: [ 02:02:36 ] :: [Local_KinitAsAdmin] success
:: [ 02:02:39 ] :: [reset_group_pwpolicy] success
:: [ 02:02:39 ] :: disable other password policy constrains
:: [  BEGIN   ] :: Running 'rlDistroDiff keyctl'
:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
:: [ 02:02:39 ] :: [Local_KinitAsAdmin] success
  Group: test_group
  Max lifetime (days): 60
  Min lifetime (hours): 0
  History size: 0
  Character classes: 0
  Min length: 10
  Priority: 6
  Max failures: 0
  Failure reset interval: 0
  Lockout duration: 0
:: [  BEGIN   ] :: Running '/usr/bin/kdestroy -qA '
:: [   PASS   ] :: Command '/usr/bin/kdestroy -qA ' (Expected 0, got 0)
:: [ 02:02:43 ] :: precondition: minlife=[0] minclasses=[0] history=[0]
:: [ 02:02:43 ] :: [Local_KinitAsAdmin] success
:: [ 02:02:48 ] :: [add_test_user] success
        |:: [  BEGIN   ] :: Running 'rlDistroDiff keyctl'
        |:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
        |:: [ 02:02:49 ] :: [Local_KinitAsAdmin] success
        |:: [ 02:02:51 ] :: add user [test_user] as member of group [test_group]: ipa group-add-member test_group --users=test_user
        |:: [  BEGIN   ] :: Running 'ipa group-add-member test_group --users=test_user'
        |  Group name: test_group
        |  Description: test group
        |  GID: 1066000105
        |  Member users: test_user
        |-------------------------
        |Number of members added 1
        |-------------------------
        |:: [   PASS   ] :: Command 'ipa group-add-member test_group --users=test_user' (Expected 0, got 0)
:: [ 02:02:52 ] :: there is no real upper-bound of password length, I will try some bigger but resonable number here [30]
:: [  BEGIN   ] :: Running 'rlDistroDiff keyctl'
:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
:: [ 02:02:53 ] :: [Local_KinitAsAdmin] success
        |+------- begining of [/tmp/tmp.XdIHwlAMTh/grouppwupperbound.23518.out] -----------+
        |  Group: test_group
        |  Max lifetime (days): 60
        |  Min lifetime (hours): 0
        |  History size: 0
        |  Character classes: 0
        |  Min length: 30
        |  Priority: 6
        |  Max failures: 0
        |  Failure reset interval: 0
        |  Lockout duration: 0
        |+------------ end of [/tmp/tmp.XdIHwlAMTh/grouppwupperbound.23518.out] -----------+
:: [  BEGIN   ] :: Running '/usr/bin/kdestroy -qA '
:: [   PASS   ] :: Command '/usr/bin/kdestroy -qA ' (Expected 0, got 0)
:: [ 02:02:56 ] :: len=[30] edge=[30]
:: [ 02:02:56 ] :: minlength=[30], now continue test
:: [ 02:02:56 ] :: minlength=[30], current len [29],password=[eW8/ðtW0=čcG9#čuX7,ðlP1+№xM3,]
:: [  BEGIN   ] :: Running 'rlDistroDiff keyctl'
:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
:: [  BEGIN   ] :: validating current password :: actually running 'echo Password_123 | sudo -u test_user kinit test_user 2>&1 >/dev/null'
:: [   PASS   ] :: validating current password (Expected 0, got 0)
      [change_password_through_pam_stack] change password for user: [test_user] [Password_123] --> [eW8/ðtW0=čcG9#čuX7,ðlP1+№xM3,] pam-stack: localUser[test_user]
      [change_password_through_pam_stack] found kerberos for user [test_user], test continue pam-stack: localUser[test_user]
        |+------- begining of [[change_password_through_pam_stack] ready to execute exp file [/tmp/tmp.XdIHwlAMTh/changepassword.24362.exp]] -----------+
        |set timeout 5
        |set force_conservative 0
        |set send_slow {1 .001}
        |spawn sudo -u test_user ipa passwd test_user
        |expect "Current Password: "
        |send Password_123\r
        |expect "New Password: "
        |send eW8/ðtW0=čcG9#čuX7,ðlP1+№xM3,\r
        |expect "Enter New Password again to verify: "
        |send eW8/ðtW0=čcG9#čuX7,ðlP1+№xM3,\r
        |expect eof
        |+------------ end of [[change_password_through_pam_stack] ready to execute exp file [/tmp/tmp.XdIHwlAMTh/changepassword.24362.exp]] -----------+
send: spawn id exp5 not open
    while executing
"send Password_123\r"
    (file "/tmp/tmp.XdIHwlAMTh/changepassword.24362.exp" line 6)
        |+------- begining of [[change_password_through_pam_stack] output of exp file execution] -----------+
        |spawn sudo -u test_user ipa passwd test_user
        |ipa: ERROR: Could not create log_dir u'/home/test_user/.ipa/log'
        |ipa: ERROR: RuntimeError: Unable to create cache directory: [Errno 13] Permission denied: '/home/test_user'
        |Traceback (most recent call last):
        |  File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 1347, in run
        |    api.finalize()
        |  File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 701, in finalize
        |    self.__do_if_not_done('load_plugins')
        |  File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 416, in __do_if_not_done
        |    getattr(self, name)()
        |  File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 579, in load_plugins
        |    for package in self.packages:
        |  File "/usr/lib/python2.7/site-packages/ipalib/__init__.py", line 919, in packages
        |    ipaclient.remote_plugins.get_package(self),
        |  File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/__init__.py", line 17, in get_package
        |    plugins = schema.get_package(api, client)
        |  File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 494, in get_package
        |    fingerprint = str(schema['fingerprint'])
        |  File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 443, in __getitem__
        |    self._ensure_cached()
        |  File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 422, in _ensure_cached
        |    (fp, exp) = self._get_schema()
        |  File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 390, in _get_schema
        |    self._store(fp, schema)
        |  File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 453, in _store
        |    _ensure_dir_created(SCHEMA_DIR)
        |  File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 283, in _ensure_dir_created
        |    "".format(e))
        |RuntimeError: Unable to create cache directory: [Errno 13] Permission denied: '/home/test_user'
        |ipa: ERROR: an internal error has occurred
        |+------------ end of [[change_password_through_pam_stack] output of exp file execution] -----------+

Expected results:
Need to fix the issue.
 
Additional info: This issue was seen for many of the testcases which ran in beaker job for ipa-password module.
Comment 5 Sudhir Menon 2016-08-23 08:32:54 EDT 
Traceback or permission denied message is not seen for any of the tests for ipa-password.
Verified on RHEL7.3 using 

ipa-server-4.4.0-8.el7.x86_64
sssd-1.14.0-27.el7.x86_64


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: grouppolicy check length maximum value
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: check upper bound of length setting
:: [   LOG    ] :: [Local_KinitAsAdmin] success
:: [   PASS   ] :: create group [test_group], desc=[test group] (Expected 0, got 0)
:: [   LOG    ] :: [Local_KinitAsAdmin] success
:: [   LOG    ] :: [Local_KinitAsAdmin] success
:: [   LOG    ] :: [reset_group_pwpolicy] success
:: [   LOG    ] :: disable other password policy constrains
:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
:: [   LOG    ] :: [Local_KinitAsAdmin] success
:: [   PASS   ] :: Command '/usr/bin/kdestroy -qA ' (Expected 0, got 0)
:: [   LOG    ] :: precondition: minlife=[0] minclasses=[0] history=[0]
:: [   LOG    ] :: [Local_KinitAsAdmin] success
:: [   PASS   ] :: [add_test_user] PASS: create user [test_user] and set password [Password_123] success 
:: [   LOG    ] :: [add_test_user] success
:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
:: [   LOG    ] :: [Local_KinitAsAdmin] success
:: [   LOG    ] :: add user [test_user] as member of group [test_group]: ipa group-add-member test_group --users=test_user
:: [   PASS   ] :: Command 'ipa group-add-member test_group --users=test_user' (Expected 0, got 0)
:: [   LOG    ] :: there is no real upper-bound of password length, I will try some bigger but resonable number here [30]
:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
:: [   LOG    ] :: [Local_KinitAsAdmin] success
:: [   PASS   ] :: Command '/usr/bin/kdestroy -qA ' (Expected 0, got 0)
:: [   LOG    ] :: len=[30] edge=[30]
:: [   LOG    ] :: minlength=[30], now continue test
:: [   LOG    ] :: minlength=[30], current len [29],password=[bC9~πdN0=ðxB3=špD2+№gM2+đnE5%]
:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
:: [   PASS   ] :: validating current password (Expected 0, got 0)
:: [   PASS   ] :: password change failed, this is expected 
:: [   LOG    ] :: minlength=[30], current len [30],class=[5]
:: [   LOG    ] :: minlength=[30], current len [30],password=[qI4,ðjG7+وnF8%๐uC4=čjE9#đtT1%è]
:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
:: [   PASS   ] :: validating current password (Expected 0, got 0)
:: [   PASS   ] :: password change success is expected 
:: [   LOG    ] :: minlength=[30], current len [31],password=[cJ4=ènK8+èrC7=ŵmO5%ðsK6,ðjJ2/đb]
:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
:: [   PASS   ] :: validating current password (Expected 0, got 0)
:: [   PASS   ] :: password change success is expected 
:: [   LOG    ] :: Duration: 41s
:: [   LOG    ] :: Assertions: 17 good, 0 bad
:: [   PASS   ] :: RESULT: grouppolicy check length maximum value
Comment 13 errata-xmlrpc 2016-11-04 02:00:15 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.