Bug 495522 - Start script hardcodes file permissions mask to 077 (600), so the nsslapd-*log-mode configuration attributes don't work
Summary: Start script hardcodes file permissions mask to 077 (600), so the nsslapd-*lo...
Alias: None
Product: 389
Classification: Retired
Component: Command Line Utilities
Version: 1.1.3
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Viktor Ashirov
Depends On:
Blocks: 434914 389_1.2.3
TreeView+ depends on / blocked
Reported: 2009-04-13 16:41 UTC by Deon Ballard
Modified: 2015-12-07 17:18 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-12-07 17:18:44 UTC

Attachments (Terms of Use)
patch (1.41 KB, patch)
2009-09-22 21:46 UTC, Rich Megginson
no flags Details | Diff

Description Deon Ballard 2009-04-13 16:41:27 UTC
This actually came from Thomas, so I'll explain as best I can.

Basically, he was trying to set the permissions on the error log file using the nsslapd-errorlog-mode configuration attribute. The default setting is 600. He was setting it to 644 and then rotating the log, but it wasn't changing the permissions from 600. He figured that the log file must be getting its permissions settings from a umask somewhere, not from the nsslapd-errorlog-mode attribute, and he found it in the start script, "umask 077". As soon as he changed the permissions in the start script, the permissions on the logs changed.

So, to summarize, none of the nsslapd-*log-mode configuration attributes work because the file permissions are set manually in the start script.

Comment 1 Rich Megginson 2009-09-22 21:46:49 UTC
Created attachment 362142 [details]

Comment 2 Rich Megginson 2009-09-22 22:05:25 UTC
To ssh://git.fedorahosted.org/git/389/ds.git
   58b0496..60c49dd  master -> master
commit 60c49ddc2956222468f36be1e5f5a5358fb92774
Author: Rich Megginson <rmeggins>
Date:   Tue Sep 22 15:47:17 2009 -0600

    Start script hardcodes file permissions mask to 077 (600), so the nsslapd-*l
    Resolves: bug 495522
    Bug Description: Start script hardcodes file permissions mask to 077 (600), 
    Reviewed by: nkinder (Thanks!)
    Fix Description: Use umask 002 for the directory server process
    Platforms tested: Fedora 11 x86_64
    Flag Day: no
    Doc impact: no

Comment 3 Jenny Severance 2010-05-27 19:51:40 UTC
verified - RHEL 4


init script

                # start the directory server in a subshell so that the instance specific
                # init config environment will not apply to any other instance
                    umask 002 # reset umask to allow logs and other files modes to be explicitly set
                    [ -f /etc/sysconfig/dirsrv-$instance ] && . /etc/sysconfig/dirsrv-$instance
                    $exec -D $instbase/slapd-$instance -i $pidfile -w $startpidfile

Note You need to log in before you can comment on or make changes to this bug.