Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1364113 - ipa-password: ipa: ERROR: RuntimeError: Unable to create cache directory: [Errno 13] Permission denied: '/home/test_user'
Summary: ipa-password: ipa: ERROR: RuntimeError: Unable to create cache directory: [Er...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Kaleem
Aneta Šteflová Petrová
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-04 13:49 UTC by Sudhir Menon
Modified: 2016-11-04 06:00 UTC (History)
3 users (show)

Fixed In Version: ipa-4.4.0-8.el7
Doc Type: Bug Fix
Doc Text:
`ipa` commands no longer fail when the user does not have a home directory in IdM Previously, when Identity Management (IdM) was unable to create a cache directory at `~/.cache/ipa` in the home directory, all `ipa` commands failed. This situation occurred, for example, when the user did not have a home directory. With this update, IdM is able to continue working even when it cannot create or access the cache. Note that in such situations, `ipa` commands can take a long time to complete because all metadata must be downloaded repeatedly.
Clone Of:
Environment:
Last Closed: 2016-11-04 06:00:15 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2404 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 13:56:18 UTC

Description Sudhir Menon 2016-08-04 13:49:22 UTC
Description of problem: ERROR: RuntimeError: Unable to create cache directory: [Errno 13] Permission denied: '/home/test_user'


Version-Release number of selected component (if applicable):
ipa-server-4.4.0-4.el7.x86_64

How reproducible:Always

Steps to Reproduce:
ipa-password module throws permission denied error.

Actual results:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: grouppolicy check length maximum value
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 02:02:28 ] :: check upper bound of length setting
        |:: [ 02:02:29 ] :: [Local_KinitAsAdmin] success
        |:: [  BEGIN   ] :: create group [test_group], desc=[test group] :: actually running 'ipa group-add test_group --desc "test group"'
        |------------------------
        |Added group "test_group"
        |------------------------
        |  Group name: test_group
        |  Description: test group
        |  GID: 1066000105
        |:: [   PASS   ] :: create group [test_group], desc=[test group] (Expected 0, got 0)
:: [ 02:02:33 ] :: [Local_KinitAsAdmin] success
ipa: ERROR: test_group: password policy not found
:: [ 02:02:36 ] :: [Local_KinitAsAdmin] success
:: [ 02:02:39 ] :: [reset_group_pwpolicy] success
:: [ 02:02:39 ] :: disable other password policy constrains
:: [  BEGIN   ] :: Running 'rlDistroDiff keyctl'
:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
:: [ 02:02:39 ] :: [Local_KinitAsAdmin] success
  Group: test_group
  Max lifetime (days): 60
  Min lifetime (hours): 0
  History size: 0
  Character classes: 0
  Min length: 10
  Priority: 6
  Max failures: 0
  Failure reset interval: 0
  Lockout duration: 0
:: [  BEGIN   ] :: Running '/usr/bin/kdestroy -qA '
:: [   PASS   ] :: Command '/usr/bin/kdestroy -qA ' (Expected 0, got 0)
:: [ 02:02:43 ] :: precondition: minlife=[0] minclasses=[0] history=[0]
:: [ 02:02:43 ] :: [Local_KinitAsAdmin] success
:: [ 02:02:48 ] :: [add_test_user] success
        |:: [  BEGIN   ] :: Running 'rlDistroDiff keyctl'
        |:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
        |:: [ 02:02:49 ] :: [Local_KinitAsAdmin] success
        |:: [ 02:02:51 ] :: add user [test_user] as member of group [test_group]: ipa group-add-member test_group --users=test_user
        |:: [  BEGIN   ] :: Running 'ipa group-add-member test_group --users=test_user'
        |  Group name: test_group
        |  Description: test group
        |  GID: 1066000105
        |  Member users: test_user
        |-------------------------
        |Number of members added 1
        |-------------------------
        |:: [   PASS   ] :: Command 'ipa group-add-member test_group --users=test_user' (Expected 0, got 0)
:: [ 02:02:52 ] :: there is no real upper-bound of password length, I will try some bigger but resonable number here [30]
:: [  BEGIN   ] :: Running 'rlDistroDiff keyctl'
:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
:: [ 02:02:53 ] :: [Local_KinitAsAdmin] success
        |+------- begining of [/tmp/tmp.XdIHwlAMTh/grouppwupperbound.23518.out] -----------+
        |  Group: test_group
        |  Max lifetime (days): 60
        |  Min lifetime (hours): 0
        |  History size: 0
        |  Character classes: 0
        |  Min length: 30
        |  Priority: 6
        |  Max failures: 0
        |  Failure reset interval: 0
        |  Lockout duration: 0
        |+------------ end of [/tmp/tmp.XdIHwlAMTh/grouppwupperbound.23518.out] -----------+
:: [  BEGIN   ] :: Running '/usr/bin/kdestroy -qA '
:: [   PASS   ] :: Command '/usr/bin/kdestroy -qA ' (Expected 0, got 0)
:: [ 02:02:56 ] :: len=[30] edge=[30]
:: [ 02:02:56 ] :: minlength=[30], now continue test
:: [ 02:02:56 ] :: minlength=[30], current len [29],password=[eW8/ðtW0=čcG9#čuX7,ðlP1+№xM3,]
:: [  BEGIN   ] :: Running 'rlDistroDiff keyctl'
:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
:: [  BEGIN   ] :: validating current password :: actually running 'echo Password_123 | sudo -u test_user kinit test_user 2>&1 >/dev/null'
:: [   PASS   ] :: validating current password (Expected 0, got 0)
      [change_password_through_pam_stack] change password for user: [test_user] [Password_123] --> [eW8/ðtW0=čcG9#čuX7,ðlP1+№xM3,] pam-stack: localUser[test_user]
      [change_password_through_pam_stack] found kerberos for user [test_user], test continue pam-stack: localUser[test_user]
        |+------- begining of [[change_password_through_pam_stack] ready to execute exp file [/tmp/tmp.XdIHwlAMTh/changepassword.24362.exp]] -----------+
        |set timeout 5
        |set force_conservative 0
        |set send_slow {1 .001}
        |spawn sudo -u test_user ipa passwd test_user
        |expect "Current Password: "
        |send Password_123\r
        |expect "New Password: "
        |send eW8/ðtW0=čcG9#čuX7,ðlP1+№xM3,\r
        |expect "Enter New Password again to verify: "
        |send eW8/ðtW0=čcG9#čuX7,ðlP1+№xM3,\r
        |expect eof
        |+------------ end of [[change_password_through_pam_stack] ready to execute exp file [/tmp/tmp.XdIHwlAMTh/changepassword.24362.exp]] -----------+
send: spawn id exp5 not open
    while executing
"send Password_123\r"
    (file "/tmp/tmp.XdIHwlAMTh/changepassword.24362.exp" line 6)
        |+------- begining of [[change_password_through_pam_stack] output of exp file execution] -----------+
        |spawn sudo -u test_user ipa passwd test_user
        |ipa: ERROR: Could not create log_dir u'/home/test_user/.ipa/log'
        |ipa: ERROR: RuntimeError: Unable to create cache directory: [Errno 13] Permission denied: '/home/test_user'
        |Traceback (most recent call last):
        |  File "/usr/lib/python2.7/site-packages/ipalib/cli.py", line 1347, in run
        |    api.finalize()
        |  File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 701, in finalize
        |    self.__do_if_not_done('load_plugins')
        |  File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 416, in __do_if_not_done
        |    getattr(self, name)()
        |  File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 579, in load_plugins
        |    for package in self.packages:
        |  File "/usr/lib/python2.7/site-packages/ipalib/__init__.py", line 919, in packages
        |    ipaclient.remote_plugins.get_package(self),
        |  File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/__init__.py", line 17, in get_package
        |    plugins = schema.get_package(api, client)
        |  File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 494, in get_package
        |    fingerprint = str(schema['fingerprint'])
        |  File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 443, in __getitem__
        |    self._ensure_cached()
        |  File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 422, in _ensure_cached
        |    (fp, exp) = self._get_schema()
        |  File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 390, in _get_schema
        |    self._store(fp, schema)
        |  File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 453, in _store
        |    _ensure_dir_created(SCHEMA_DIR)
        |  File "/usr/lib/python2.7/site-packages/ipaclient/remote_plugins/schema.py", line 283, in _ensure_dir_created
        |    "".format(e))
        |RuntimeError: Unable to create cache directory: [Errno 13] Permission denied: '/home/test_user'
        |ipa: ERROR: an internal error has occurred
        |+------------ end of [[change_password_through_pam_stack] output of exp file execution] -----------+

Expected results:
Need to fix the issue.
 
Additional info: This issue was seen for many of the testcases which ran in beaker job for ipa-password module.

Comment 5 Sudhir Menon 2016-08-23 12:32:54 UTC
Traceback or permission denied message is not seen for any of the tests for ipa-password.
Verified on RHEL7.3 using 

ipa-server-4.4.0-8.el7.x86_64
sssd-1.14.0-27.el7.x86_64


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: grouppolicy check length maximum value
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: check upper bound of length setting
:: [   LOG    ] :: [Local_KinitAsAdmin] success
:: [   PASS   ] :: create group [test_group], desc=[test group] (Expected 0, got 0)
:: [   LOG    ] :: [Local_KinitAsAdmin] success
:: [   LOG    ] :: [Local_KinitAsAdmin] success
:: [   LOG    ] :: [reset_group_pwpolicy] success
:: [   LOG    ] :: disable other password policy constrains
:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
:: [   LOG    ] :: [Local_KinitAsAdmin] success
:: [   PASS   ] :: Command '/usr/bin/kdestroy -qA ' (Expected 0, got 0)
:: [   LOG    ] :: precondition: minlife=[0] minclasses=[0] history=[0]
:: [   LOG    ] :: [Local_KinitAsAdmin] success
:: [   PASS   ] :: [add_test_user] PASS: create user [test_user] and set password [Password_123] success 
:: [   LOG    ] :: [add_test_user] success
:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
:: [   LOG    ] :: [Local_KinitAsAdmin] success
:: [   LOG    ] :: add user [test_user] as member of group [test_group]: ipa group-add-member test_group --users=test_user
:: [   PASS   ] :: Command 'ipa group-add-member test_group --users=test_user' (Expected 0, got 0)
:: [   LOG    ] :: there is no real upper-bound of password length, I will try some bigger but resonable number here [30]
:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
:: [   LOG    ] :: [Local_KinitAsAdmin] success
:: [   PASS   ] :: Command '/usr/bin/kdestroy -qA ' (Expected 0, got 0)
:: [   LOG    ] :: len=[30] edge=[30]
:: [   LOG    ] :: minlength=[30], now continue test
:: [   LOG    ] :: minlength=[30], current len [29],password=[bC9~πdN0=ðxB3=špD2+№gM2+đnE5%]
:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
:: [   PASS   ] :: validating current password (Expected 0, got 0)
:: [   PASS   ] :: password change failed, this is expected 
:: [   LOG    ] :: minlength=[30], current len [30],class=[5]
:: [   LOG    ] :: minlength=[30], current len [30],password=[qI4,ðjG7+وnF8%๐uC4=čjE9#đtT1%è]
:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
:: [   PASS   ] :: validating current password (Expected 0, got 0)
:: [   PASS   ] :: password change success is expected 
:: [   LOG    ] :: minlength=[30], current len [31],password=[cJ4=ènK8+èrC7=ŵmO5%ðsK6,ðjJ2/đb]
:: [   PASS   ] :: Command 'rlDistroDiff keyctl' (Expected 0, got 0)
:: [   PASS   ] :: validating current password (Expected 0, got 0)
:: [   PASS   ] :: password change success is expected 
:: [   LOG    ] :: Duration: 41s
:: [   LOG    ] :: Assertions: 17 good, 0 bad
:: [   PASS   ] :: RESULT: grouppolicy check length maximum value

Comment 13 errata-xmlrpc 2016-11-04 06:00:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html


Note You need to log in before you can comment on or make changes to this bug.