Bug 518279 - logs created at startup can get wrong file mode
Summary: logs created at startup can get wrong file mode
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: 389
Classification: Retired
Component: Directory Server
Version: 1.2.0
Hardware: All
OS: All
Priority: low
Severity: medium
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Viktor Ashirov
URL:
Whiteboard:
Depends On:
Blocks: 434914 389_1.2.3
Reported: 2009-08-19 17:42 UTC by Ulf Weltman
Modified: 2015-12-07 16:42 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-07 16:42:10 UTC


Attachments
trivial fix proposal (2.28 KB, patch)
2009-08-19 17:44 UTC, Ulf Weltman
revised patch (3.73 KB, patch)
2009-09-22 23:02 UTC, Rich Megginson

Description Ulf Weltman 2009-08-19 17:42:35 UTC
If nsslapd-errorlog-mode is set to 644, slapd is shut down, errors log removed, and slapd is started, then the new log might get permissions 600.

This is happening because the front end processing of the configuration attributes in cn=config happens in an order that can't be relied upon.  If it processes nsslapd-errorlog before nsslapd-errorlog-mode, then it creates the log file with the default permissions (600).  This is true for access and audit logs too.

Comment 1 Ulf Weltman 2009-08-19 17:44:15 UTC
Created attachment 357960 [details]
trivial fix proposal

This fix makes the function that processes the nsslapd-{access|error|audit}log-mode attribute also perform a chown, if it has already processed the nsslapd-{access|error|audit}log attribute.  If it has not yet processed the nsslapd-{access|error|audit}log attribute then it won't perform the chown since it doesn't yet know the file name of the log file, and anyway the mode will be correct when the nsslapd-{access|error|audit}log attribute is processed and the log file is opened.

A side effect of this fix is that we can now change mode on open log files on the fly.  Previously, setting nsslapd-{access|error|audit}log-mode would only affect new files but now it will also take effect for the log file currently in use.

Comment 2 Rich Megginson 2009-09-22 23:02:44 UTC
Created attachment 362149 [details]
revised patch

Comment 3 Rich Megginson 2009-09-23 13:13:41 UTC
To ssh://git.fedorahosted.org/git/389/ds.git
   60c49dd..56b9868  master -> master

commit 56b9868c2fca5a56b11a4d0a9387980b6f338835
Author: Rich Megginson <rmeggins@redhat.com>
Date:   Tue Sep 22 17:04:19 2009 -0600

    Reviewed by: nkinder (Thanks!)
    Fix Description: Try to apply the mode using chmod() if a log file has been specified.  If and only if the log file has not been set, or if the chmod() succeeds, apply the changes to the internal config.
    Platforms tested: RHEL5 x86_64
    Flag Day: no
    Doc impact: no
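
The ordering problem from the description and the chmod()-before-commit rule from the commit message above, as an added example that is not 389 Directory Server code. `struct log_cfg`, `set_log_file`, `set_log_mode` and `final_mode` are hypothetical names, and the temporary directory under /tmp is constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical model of one log's configuration; not the server's real structure. */
struct log_cfg {
    char path[256];   /* empty until the log file attribute has been processed */
    mode_t mode;      /* starts at the default 0600 described in the report */
    int fd;
};

/* Log file attribute handler: create the file with whatever mode is known so far. */
static int set_log_file(struct log_cfg *c, const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND, c->mode);
    if (fd < 0) return -1;
    if (fchmod(fd, c->mode) != 0) { close(fd); return -1; }  /* ignore umask */
    snprintf(c->path, sizeof c->path, "%s", path);
    c->fd = fd;
    return 0;
}

/* Log mode attribute handler: chmod() an already-named file first, and store the
 * new mode only if no file is set yet or the chmod() succeeded. */
static int set_log_mode(struct log_cfg *c, mode_t mode) {
    if (c->path[0] != '\0' && chmod(c->path, mode) != 0) return -1;
    c->mode = mode;
    return 0;
}

/* Process both attributes in the given order; return the file's final mode bits. */
static int final_mode(int mode_first) {
    char dir[] = "/tmp/logmodeXXXXXX", path[64];
    struct log_cfg c = { "", 0600, -1 };
    struct stat st;
    int result = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/errors", dir);
    if (mode_first) { set_log_mode(&c, 0644); set_log_file(&c, path); }
    else            { set_log_file(&c, path); set_log_mode(&c, 0644); }
    if (stat(path, &st) == 0) result = st.st_mode & 0777;
    if (c.fd >= 0) close(c.fd);
    unlink(path); rmdir(dir);
    return result;
}

int main(void) {
    printf("file first: %o, mode first: %o\n", final_mode(0), final_mode(1));
}
```

Without the chmod() call in `set_log_mode`, the file-first order would leave the log at 0600 even though 0644 was configured, which is the behaviour reported in this bug.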

Comment 4 Jenny Severance 2010-06-07 20:16:35 UTC
verified - RHEL 4 and Solaris

version -
Solaris: 8.2.0,REV=2010.06.07.04.34.53
RHEL 4: redhat-ds-base-8.2.0-2010060704.el4dsrv


Solaris:

bash-2.05# /etc/init.d/dirsrv stop
Shutting down dirsrv: 
    sun-netra-01... SUCCESS
Solaris:
bash-2.05# rm -rf /var/log/dirsrv/slapd-sun-netra-01/*
bash-2.05# /etc/init.d/dirsrv start
Starting dirsrv: 
    sun-netra-01... SUCCESS
bash-2.05# ls -al /var/log/dirsrv/slapd-sun-netra-01/
total 12
drwxrwx---   2 nobody   nobody       512 Jun  7 16:08 .
drwxr-xr-x   4 root     other        512 Jun  7 15:59 ..
-rw-------   1 nobody   other          0 Jun  7 16:08 access
-rw-------   1 nobody   other         63 Jun  7 16:08 access.rotationinfo
-rw-------   1 nobody   other          0 Jun  7 16:08 audit
-rw-------   1 nobody   other         63 Jun  7 16:08 audit.rotationinfo
-rw-------   1 nobody   other        297 Jun  7 16:08 errors
-rw-------   1 nobody   other         63 Jun  7 16:08 errors.rotationinfo


RHEL 4:

[root@jgalipea-rhel4 ~]# ls -al /var/log/dirsrv/slapd-jgalipea-rhel4/
total 56
drwxrwx---  2 nobody nobody 4096 Jun  7 16:14 .
drwxr-xr-x  4 root   root   4096 Jun  7 04:22 ..
-rw-------  1 nobody root      0 Jun  7 16:14 access
-rw-------  1 nobody root     63 Jun  7 16:14 access.rotationinfo
-rw-------  1 nobody root      0 Jun  7 16:14 audit
-rw-------  1 nobody root     63 Jun  7 16:14 audit.rotationinfo
-rw-------  1 nobody root    388 Jun  7 16:14 errors
-rw-------  1 nobody root     63 Jun  7 16:14 errors.rotationinfo
[root@jgalipea-rhel4 ~]# service dirsrv stop
Shutting down dirsrv: 
    jgalipea-rhel4...                                      [  OK  ]
[root@jgalipea-rhel4 ~]# rm -rf /var/log/dirsrv/slapd-jgalipea-rhel4/*
[root@jgalipea-rhel4 ~]# service dirsrv start
Starting dirsrv: 
    jgalipea-rhel4...                                      [  OK  ]
[root@jgalipea-rhel4 ~]# ls -al /var/log/dirsrv/slapd-jgalipea-rhel4/
total 56
drwxrwx---  2 nobody nobody 4096 Jun  7 16:14 .
drwxr-xr-x  4 root   root   4096 Jun  7 04:22 ..
-rw-------  1 nobody root      0 Jun  7 16:14 access
-rw-------  1 nobody root     63 Jun  7 16:14 access.rotationinfo
-rw-------  1 nobody root      0 Jun  7 16:14 audit
-rw-------  1 nobody root     63 Jun  7 16:14 audit.rotationinfo
-rw-------  1 nobody root    388 Jun  7 16:14 errors
-rw-------  1 nobody root     63 Jun  7 16:14 errors.rotationinfo

