Bug 1651876 - blank permissions of /run/saslauthd after rpm --setperms
Summary: blank permissions of /run/saslauthd after rpm --setperms
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: cyrus-sasl
Version: 7.6
Hardware: Unspecified
OS: Linux
Target Milestone: rc
: ---
Assignee: Simo Sorce
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2018-11-21 06:02 UTC by Mark Malakanov
Modified: 2019-02-11 15:41 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-02-11 15:41:11 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Mark Malakanov 2018-11-21 06:02:08 UTC
Description of problem:
wrong (blank) permissions for /run/saslauthd in cyrus-sasl RPM.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. rpm --setperms cyrus-sasl
2. ll -d /run/saslauthd
3. rpm -q --qf "[%{FILENAMES} %{FILEMODES:perms}\n]" cyrus-sasl | grep 

Actual results:
d---------. 2 root root 100 Nov 21 05:25 /run/saslauthd
/run/saslauthd ----------

Expected results:
drwxr-xr-x. 2 root root 100 Nov 21 05:25 /run/saslauthd
/run/saslauthd -rwxr-xr-x

Additional info:
Though saslauthd daemon sets correct permissions after its restart, these permissions differ with the permissions in RPM. 
This causes OSCAP scan to detect is failure of rule "Verify and Correct File Permissions with RPM" ID: xccdf_org.ssgproject.content_rule_rpm_verify_permissions

Comment 1 Jakub Jelen 2018-11-21 08:59:04 UTC
You are using RHEL7 package and you filled a bug on Fedora. Please, clarify what system are you using

Comment 2 Mark Malakanov 2018-11-21 13:58:44 UTC
Hi. I am using Centos 7

Comment 4 Simo Sorce 2018-12-06 16:42:52 UTC
Sounds like all is needed is to fix the spec to say:
%ghost %attr(755, root, root) /run/saslauthd

Comment 5 Simo Sorce 2019-02-11 15:41:11 UTC
This issue was not selected to be included either in Red Hat Enterprise Linux 7.7 because it is seen either as low or moderate impact to a small amount of use-cases. The next release will be in Maintenance Support 1 Phase, which means that qualified Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) may be released as they become available. We will now close this issue, but if you believe that it qualifies for the Maintenance Support 1 Phase, please re-open; otherwise we recommend moving the request to Red Hat Enterprise Linux 8 if applicable.

Note You need to log in before you can comment on or make changes to this bug.