Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1353964 - Log files for ipa in /var/log/ipa and /var/log directory must have similar permissions.
Summary: Log files for ipa in /var/log/ipa and /var/log directory must have similar pe...
Keywords:
Status: ASSIGNED
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: ipa
Version: 8.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Kaleem
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-07-08 14:31 UTC by Sudhir Menon
Modified: 2019-03-25 16:50 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug


Attachments (Terms of Use)

Description Sudhir Menon 2016-07-08 14:31:47 UTC
Description of problem: Log files in /var/log/ipa directory have different permissions.

Version-Release number of selected component (if applicable):
ipa-server-4.4.0-1.el7.x86_64

How reproducible: Always

Steps to Reproduce:

1. Install IPA server
2. Navigate to /var/log/ipa directory and check log file permissions.
3. Check /var/log directory for ipa related log file permissions.

Actual results:

/var/log/ipa
[root@server ipa]# ls -l
-rw-r--r--. 1 root root 4830 Jul  8 18:27 ipactl.log
-rw-------  1 root root    0 Jul  5 14:51 renew.log
-rw-r--r--  1 root root  912 Jul  8 17:52 server.log

[root@server log]# pwd
/var/log
-rw-------  1 root   root      54141 Jul  8 16:47 ipabackup.log
-rw-------. 1 root   root      62059 Jul  8 16:54 ipaclient-install.log
-rw-------. 1 root   root      47168 Jul  8 12:00 ipaclient-uninstall.log
-rw-------  1 root   root       5749 Jul  8 16:10 ipareplica-install.log
-rw-------  1 root   root      36796 Jul  8 17:24 iparestore.log
-rw-------. 1 root   root      28651 Jul  8 18:43 ipaserver-install.log
-rw-------  1 root   root      91545 Jul  8 17:58 ipaserver-kra-install.log
-rw-------  1 root   root       2562 Jul  8 17:15 ipaserver-kra-uninstall.log
-rw-------. 1 root   root      65098 Jul  8 12:00 ipaserver-uninstall.log
-rw-------  1 root   root      61890 Jul  8 11:41 ipaserver-uninstall.log.crash
-rw-------  1 root   root   10542916 Jul  8 17:30 ipaupgrade.log

Expected results:
Permissions of log file should be consistent with other log files of ipaserver
i.e 600 unless specifically required to be different.

Additional info:

Comment 2 Petr Vobornik 2016-07-21 15:55:43 UTC
triage notes:     
"""
mbasti: it looks like these logs (ipactl.log, default.log) are created by something else (systemd?) and they contain text from stderr

I suspect that ipactl.log is STDERR output from `systemctl start ipa`

IPA default logger setup has permission 0o600
"""

Comment 3 Petr Vobornik 2016-07-21 15:56:24 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/6104


Note You need to log in before you can comment on or make changes to this bug.