Bug 746350 - error log fails to report reasons why access log can;t be open
Summary: error log fails to report reasons why access log can;t be open
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: 389
Classification: Retired
Component: Directory Server
Version: 1.2.10
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 690319
TreeView+ depends on / blocked
 
Reported: 2011-10-14 21:23 UTC by Simo Sorce
Modified: 2015-01-04 23:51 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-01-20 17:32:00 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Simo Sorce 2011-10-14 21:23:42 UTC 
If the access log cannot be opened there is an error reported in errors log.
But it doesn;t give any reason why the access log file couldn't be opened.
The errno should be returned at least.
Comment 3 Martin Kosek 2012-01-04 13:20:09 UTC 
Upstream ticket:
https://fedorahosted.org/389/ticket/21
Comment 4 Noriko Hosoi 2012-01-20 00:25:36 UTC 
I set a bogus access log path in cn=config:
nsslapd-accesslog: /var/log/dirsrv/slapd-bogus/access

Staring the server failed and this error/warning was logged in the error log:
[..] - WARNING: can't open file /var/log/dirsrv/slapd-bogus/access. errno 2 (No such file or directory)

I double checked the log.c code and verified all the opening access codes (LOG_OPEN_APPEND) are followed by the error report with errno and its strerror like this:
        LDAPDebug(LDAP_DEBUG_ANY, "access file open %s failed errno %d (%s)\n",
                  loginfo.log_access_file, oserr, slapd_system_strerror(oserr));

Could it be possible to share the error log with us?
Comment 5 Simo Sorce 2012-01-20 00:40:43 UTC 
The error log is gone with the server where I reproduced.

However testing with a bogus file name is the wrong test.

You have to test with an existing file you cannot open (SELinux was blocking access at the time due to wrong labeling IIRC).
Comment 6 Noriko Hosoi 2012-01-20 01:03:26 UTC 
Thank you, Simo.  I still see the errno and error message.

# setenforce 1
# getenforce 
Enforcing
# service dirsrv start

# tail errors
[..] - WARNING: can't open file /var/tmp/slapd-kiki1/access. errno 13 (Permission denied)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[..] dse - The entry cn=config in file /etc/dirsrv/slapd-kiki/dse.ldif is invalid, error code 53 (Server is unwilling to perform) - Cannot open accesslog directory "/var/tmp/slapd-kiki1/access", client accesses will not be logged.
[..] dse - Could not load config file [dse.ldif]
[..] dse - Please edit the file to correct the reported problems and then restart the server.

If I disable selinux, the server starts just fine with no warnings/errors.  So, this Permission denied error is coming from selinux...
Comment 7 Simo Sorce 2012-01-20 05:54:34 UTC 
I can only guess it has been fixed since I reported the error.
Comment 8 Noriko Hosoi 2012-01-20 17:32:00 UTC 
(In reply to comment #7)
> I can only guess it has been fixed since I reported the error.

Probably, you are right.  If you are okay with the output I pasted in Comment 6, I'm closing this bug with WORKSFORME.  Please reopen it if you have any problems.

Thanks, Simo!
Note You need to log in before you can comment on or make changes to this bug.