1544457 – sssd fails to release file descriptor on child logs after receiving HUP

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1544457 - sssd fails to release file descriptor on child logs after receiving HUP

Summary: sssd fails to release file descriptor on child logs after receiving HUP

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	8.2
Hardware:	x86_64
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	rc
Target Release:	---
Assignee:	Alexey Tikhonov
QA Contact:	sssd-qe
Docs Contact:
URL:
Whiteboard:	sync-to-jira review
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-02-12 14:39 UTC by Striker Leggette
Modified:	2023-12-15 16:01 UTC (History)
CC List:	13 users (show)
Fixed In Version:	sssd-2.3.0-3.el8
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-11-04 02:04:28 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	SSSD sssd issues 4667	0	None	closed	sssd fails to release file descriptor on child logs after receiving HUP	2021-02-16 13:19:56 UTC
Red Hat Product Errata	RHBA-2020:4569	0	None	None	None	2020-11-04 02:04:48 UTC

Description Striker Leggette 2018-02-12 14:39:22 UTC

[+] Description of problem:
 - In an environment where krb5_child.log is rotated, it was found that SSSD continues to write to the rotated log file, despite receiving HUP.

[+] Version-Release number of selected component (if applicable):
 - sssd-1.15.2-50.el7_4.8.x86_64

[+] How reproducible:
 - Always

[+] Steps to Reproduce:

1. # mv /var/log/sssd/krb5_child.log /var/log/sssd/krb5_child.log.old ; /bin/kill -HUP `cat /var/run/sssd.pid  2>/dev/null`  2> /dev/null || true

2. Authenticate using AD/KRB5 SSSD backend.

[+] Actual results:
 - SSSD continues to write logs to /var/log/sssd/krb5_child.log.old

[+] Expected results:
 - SSSD writes logs to /var/log/sssd/krb5_child.log

Comment 1 Lukas Slebodnik 2018-02-12 15:00:37 UTC

The situation is the same with all child log files.

Comment 5 Jakub Hrozek 2018-02-21 16:55:45 UTC

Upstream ticket:
https://pagure.io/SSSD/sssd/issue/3647

Comment 10 Alexey Tikhonov 2020-05-28 08:20:46 UTC

Upstream PR: https://github.com/SSSD/sssd/pull/5180

Comment 12 Pavel Březina 2020-06-05 09:06:43 UTC

Pushed PR: https://github.com/SSSD/sssd/pull/5180

* `master`
    * 375887543daf26003ff7d900cf6a69d0c0b58523 - DEBUG: only open child process log files when required

Comment 13 Alexey Tikhonov 2020-06-09 08:46:18 UTC

Additional patch:

Pushed PR: #5195
    * `master`
      * [e58853f](https://github.com/SSSD/sssd/commit/e58853f9ce63fae0c8b219b79be65c760a2f3e7e) - DEBUG: use new exec_child(_ex) interface in tests

Comment 17 Anuj Borah 2020-08-05 08:08:09 UTC

On Previous sssd version:  sssd-2.2.3-13.fc30.x86_64

[root@server sssd]# ls -ltr
total 1504
-rw-------. 1 root root       0 Aug  5 10:50 ldap_child.log
-rw-------. 1 root root     282 Aug  5 11:07 sssd_pam.log
-rw-------. 1 root root     376 Aug  5 11:07 sssd_nss.log
-rw-------. 1 root root     436 Aug  5 11:07 sssd_implicit_files.log
-rw-------. 1 root root    2760 Aug  5 11:07 sssd.log
-rw-------. 1 root root    1699 Aug  5 11:08 krb5_child.log
-rw-------. 1 root root       0 Aug  5 11:09 sssd_kcm.log
-rw-------. 1 root root 1174238 Aug  5 11:09 sssd_example1.log
-rw-------. 1 root root  343613 Aug  5 11:09 sssd_anuj.log


[root@server sssd]# mv /var/log/sssd/krb5_child.log /var/log/sssd/krb5_child.log.old ; /bin/kill -HUP `cat /var/run/sssd.pid 2>/dev/null` 2> /dev/null || true

[root@server sssd]# ls -ltr 
total 1612
-rw-------. 1 root root       0 Aug  5 10:50 ldap_child.log
-rw-------. 1 root root     282 Aug  5 11:07 sssd_pam.log
-rw-------. 1 root root     376 Aug  5 11:07 sssd_nss.log
-rw-------. 1 root root     436 Aug  5 11:07 sssd_implicit_files.log
-rw-------. 1 root root       0 Aug  5 11:09 sssd_kcm.log
-rw-------. 1 root root    3401 Aug  5 11:16 krb5_child.log.old
-rw-------. 1 root root 1217589 Aug  5 11:17 sssd_example1.log
-rw-------. 1 root root  409134 Aug  5 11:17 sssd_anuj.log
-rw-------. 1 root root    2882 Aug  5 11:17 sssd.log


[root@server sssd]# id anuj_krb5
uid=1003(anuj_krb5) gid=1003 groups=1003
[root@server sssd]# su anuj_krb5
sh-5.0$ bash
[anuj_krb5@server sssd]$ ssh server.anuj.com
Last login: Wed Aug  5 13:27:40 2020
id: cannot find name for group ID 1003
[anuj_krb5@server ~]$ exit
logout
Connection to server.anuj.com closed.
[anuj_krb5@server sssd]$ 

[root@server sssd]# ls -ltr 
total 1972
-rw-------. 1 root root       0 Aug  5 10:50 ldap_child.log
-rw-------. 1 root root     282 Aug  5 11:07 sssd_pam.log
-rw-------. 1 root root     376 Aug  5 11:07 sssd_nss.log
-rw-------. 1 root root     436 Aug  5 11:07 sssd_implicit_files.log
-rw-------. 1 root root    2882 Aug  5 11:17 sssd.log
-rw-------. 1 root root    5542 Aug  5 11:18 krb5_child.log.old
-rw-------. 1 root root      94 Aug  5 11:24 sssd_kcm.log
-rw-------. 1 root root  538894 Aug  5 13:27 sssd_anuj.log
-rw-------. 1 root root 1446040 Aug  5 13:27 sssd_example1.log


Here we can clearly see that no new krb5_child.log file created and logs keep writing on rb5_child.log.old file.
=================================================================================

With sssd-2.3.0-6.el8.x86_64


[root@ci-vm-10-0-139-240 sssd]# ls -ltr
total 800
-rw-------. 1 root root    252 Aug  5 03:40 sssd_kcm.log
-rw-------. 1 root root    336 Aug  5 03:44 sssd_nss.log
-rw-------. 1 root root    168 Aug  5 03:44 sssd_pam.log
-rw-------. 1 root root    396 Aug  5 03:44 sssd_implicit_files.log
-rw-------. 1 root root   5814 Aug  5 03:44 sssd.log
-rw-------. 1 root root   5386 Aug  5 03:47 krb5_child.log
-rw-------. 1 root root 297584 Aug  5 03:47 sssd_example1.log
-rw-------. 1 root root 365652 Aug  5 03:47 sssd_anuj.log


[root@ci-vm-10-0-139-240 sssd]# mv /var/log/sssd/krb5_child.log /var/log/sssd/krb5_child.log.old ; /bin/kill -HUP `cat /var/run/sssd.pid  2>/dev/null`  2> /dev/null || true
[root@ci-vm-10-0-139-240 sssd]# ls -lr 
total 784
-rw-------. 1 root root    168 Aug  5 03:44 sssd_pam.log
-rw-------. 1 root root    336 Aug  5 03:44 sssd_nss.log
-rw-------. 1 root root   5932 Aug  5 03:49 sssd.log
-rw-------. 1 root root    252 Aug  5 03:40 sssd_kcm.log
-rw-------. 1 root root    396 Aug  5 03:44 sssd_implicit_files.log
-rw-------. 1 root root 308673 Aug  5 03:49 sssd_example1.log
-rw-------. 1 root root 376341 Aug  5 03:49 sssd_anuj.log
-rw-------. 1 root root   5386 Aug  5 03:47 krb5_child.log.old


[root@ci-vm-10-0-139-240 sssd]# id aborah
uid=1004(aborah) gid=1004 groups=1004
[root@ci-vm-10-0-139-240 sssd]# su aborah
sh-4.4$ bash 
bash-4.4$ ssh localhost
aborah@localhost's password:

[root@ci-vm-10-0-139-240 sssd]# ls -lrt 
total 1000
-rw-------. 1 root root    252 Aug  5 03:40 sssd_kcm.log
-rw-------. 1 root root    336 Aug  5 03:44 sssd_nss.log
-rw-------. 1 root root    168 Aug  5 03:44 sssd_pam.log
-rw-------. 1 root root    396 Aug  5 03:44 sssd_implicit_files.log
-rw-------. 1 root root   5386 Aug  5 03:47 krb5_child.log.old
-rw-------. 1 root root   5932 Aug  5 03:49 sssd.log
-rw-------. 1 root root   5705 Aug  5 03:50 krb5_child.log
-rw-------. 1 root root 318004 Aug  5 03:50 sssd_example1.log
-rw-------. 1 root root 424256 Aug  5 03:50 sssd_anuj.log

 This time we can clearly see that , new krb5_child.log was created and no logs were written in sssd_implicit_files.log.

Comment 18 Anuj Borah 2020-08-05 08:10:19 UTC

Small correction :

This time we can clearly see that , new krb5_child.log was created and no logs were written in krb5_child.log.old

Comment 21 errata-xmlrpc 2020-11-04 02:04:28 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (sssd bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4569

Note You need to log in before you can comment on or make changes to this bug.