Bug 142110 - kadmin can't open /var/log/kadmind.log
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: krb5
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Nalin Dahyabhai
QA Contact: Brian Brock
Keywords: Security
Reported: 2004-12-07 08:46 EST by John Haxby
Modified: 2012-06-20 12:04 EDT
Doc Type: Bug Fix
Last Closed: 2012-06-20 12:04:53 EDT
Description John Haxby 2004-12-07 08:46:29 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041020

Description of problem:
When I start kadmin as a non-root user I'm informed that I can't open
the log file due to lack of permission:

$ /usr/kerberos/sbin/kadmin
Couldn't open log file /var/log/kadmind.log: Permission denied
Couldn't open log file /var/log/kadmind.log: Permission denied
Authenticating as principal jch/admin@UK.SCALIX.COM with password.
Password for jch/admin@UK.SCALIX.COM:

This is presumably a security issue since the log is probably there for a
good reason!

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. As a non-root user, /usr/kerberos/sbin/kadmin

Actual Results:  Error message as above.

Expected Results:  No error message and stuff logged to the log file.

Additional info:

Even if the log file could be opened, why are we logging to a file
called kadmind.log instead of kadmin.log?
Comment 1 Nalin Dahyabhai 2010-02-12 13:11:16 EST
I expect that kadmin is attempting to log to the destination specified in /etc/krb5.conf's [logging] section.  Both the kadmin client and server consult the same location for this configuration setting, so it's probably better that it not be a location that's writable by unprivileged users by default, if it's going to be something that we set by default.

This is more of a configuration question than anything.
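
The following is an added example, not part of this bug thread and not code from the krb5 project: it reads the [logging] section that Comment 1 refers to, lists its FILE destinations, and flags any log file that is world-writable. The sample configuration and the function names are constructed for illustration; default, kdc and admin_server are the standard [logging] keys.

```python
import os
import stat

# Constructed sample config (not taken from the bug report).
SAMPLE_KRB5_CONF = """\
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = EXAMPLE.COM
"""

def logging_file_destinations(conf_text):
    """Return {key: [path, ...]} for FILE destinations under [logging]."""
    dests, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        if section != "logging" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        # FILE:path appends, FILE=path overwrites; both name a log file.
        if value.startswith(("FILE:", "FILE=")):
            dests.setdefault(key, []).append(value[5:])
    return dests

def world_writable_logs(conf_text):
    """Return [(key, path)] for log files that any local user may write."""
    findings = []
    for key, paths in logging_file_destinations(conf_text).items():
        for path in paths:
            try:
                mode = os.stat(path).st_mode
            except OSError:
                continue  # file absent or not statable: skipped here
            if mode & stat.S_IWOTH:
                findings.append((key, path))
    return findings

if __name__ == "__main__":
    conf = "/etc/krb5.conf"
    text = open(conf).read() if os.path.exists(conf) else SAMPLE_KRB5_CONF
    for key, path in world_writable_logs(text):
        print(f"WARNING [{key}] {path} is world-writable")
```

An empty result on a real host means none of the configured log files can be written by arbitrary local users, which is the default Comment 1 argues for.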
Comment 2 Jiri Pallich 2012-06-20 12:04:53 EDT
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. 
Please see https://access.redhat.com/support/policy/updates/errata/

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.
