Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 495522

Summary: Start script hardcodes file permissions mask to 077 (600), so the nsslapd-*log-mode configuration attributes don't work
Product: [Retired] 389 Reporter: Deon Ballard <dlackey>
Component: Command Line UtilitiesAssignee: Rich Megginson <rmeggins>
Status: CLOSED CURRENTRELEASE QA Contact: Viktor Ashirov <vashirov>
Severity: medium Docs Contact:
Priority: medium    
Version: 1.1.3CC: jgalipea, nkinder, rmeggins, telackey
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-07 17:18:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 434914, 519216    
Attachments:
Description Flags
patch none

Description Deon Ballard 2009-04-13 16:41:27 UTC 
This actually came from Thomas, so I'll explain as best I can.

Basically, he was trying to set the permissions on the error log file using the nsslapd-errorlog-mode configuration attribute. The default setting is 600. He was setting it to 644 and then rotating the log, but it wasn't changing the permissions from 600. He figured that the log file must be getting its permissions settings from a umask somewhere, not from the nsslapd-errorlog-mode attribute, and he found it in the start script, "umask 077". As soon as he changed the permissions in the start script, the permissions on the logs changed.

So, to summarize, none of the nsslapd-*log-mode configuration attributes work because the file permissions are set manually in the start script.
Comment 1 Rich Megginson 2009-09-22 21:46:49 UTC 
Created attachment 362142 [details]
patch
Comment 2 Rich Megginson 2009-09-22 22:05:25 UTC 
To ssh://git.fedorahosted.org/git/389/ds.git
   58b0496..60c49dd  master -> master
commit 60c49ddc2956222468f36be1e5f5a5358fb92774
Author: Rich Megginson <rmeggins>
Date:   Tue Sep 22 15:47:17 2009 -0600

    Start script hardcodes file permissions mask to 077 (600), so the nsslapd-*l
    https://bugzilla.redhat.com/show_bug.cgi?id=495522
    Resolves: bug 495522
    Bug Description: Start script hardcodes file permissions mask to 077 (600), 
    Reviewed by: nkinder (Thanks!)
    Fix Description: Use umask 002 for the directory server process
    Platforms tested: Fedora 11 x86_64
    Flag Day: no
    Doc impact: no
Comment 3 Jenny Severance 2010-05-27 19:51:40 UTC 
verified - RHEL 4

version:
redhat-ds-base-8.2.0-2010052704.el4dsrv

init script
/etc/init.d/dirsrv

                # start the directory server in a subshell so that the instance specific
                # init config environment will not apply to any other instance
                (
                    umask 002 # reset umask to allow logs and other files modes to be explicitly set
                    [ -f /etc/sysconfig/dirsrv-$instance ] && . /etc/sysconfig/dirsrv-$instance
                    $exec -D $instbase/slapd-$instance -i $pidfile -w $startpidfile
                )