-
Bug
-
Resolution: Done-Errata
-
Normal
-
None
-
4.13.0
-
Moderate
-
No
-
False
-
-
-
Bug Fix
-
In Progress
Description of problem:
The /var/log/kube-apiserver/termination.log on nodes should all have 600 permission. Now, on one node, the permission is 644: $ for node in `oc get node -l node-role.kubernetes.io/master= --no-headers | awk '{print $1}'`; do oc debug node/$node -- chroot /host ls -ltr /var/log/kube-apiserver/; done Temporary namespace openshift-debug-ngrgt is created for debugging node... Starting pod/yinzhou-417-x2gkh-master-0copenshift-qeinternal-debug ... To use host binaries, run `chroot /host` total 131012 -rw-r--r--. 1 root root 4 Apr 17 01:32 termination.log -rw-------. 1 root root 126479251 Apr 17 02:12 audit.log Removing debug pod ... Temporary namespace openshift-debug-ngrgt was removed. Temporary namespace openshift-debug-cm822 is created for debugging node... Starting pod/yinzhou-417-x2gkh-master-1copenshift-qeinternal-debug ... To use host binaries, run `chroot /host` total 112900 -rw-------. 1 root root 395190 Apr 17 01:38 termination.log -rw-------. 1 root root 61833081 Apr 17 02:12 audit.log Removing debug pod ... Temporary namespace openshift-debug-cm822 was removed. Temporary namespace openshift-debug-kbwf4 is created for debugging node... Starting pod/yinzhou-417-x2gkh-master-2copenshift-qeinternal-debug ... To use host binaries, run `chroot /host` total 155052 -rw-------. 1 root root 41787 Apr 17 01:35 termination.log -rw-------. 1 root root 114412212 Apr 17 02:13 audit.log Removing debug pod ... Temporary namespace openshift-debug-kbwf4 was removed.
Version-Release number of selected component (if applicable):
4.13.0-0.nightly-2023-04-15-102029
How reproducible:
Always
Steps to Reproduce:
1. As description.
Actual results:
1. As description.
Expected results:
The /var/log/kube-apiserver/termination.log on all master nodes should all have 600 permission.
Additional info:
- blocks
-
-
- Closed
-
- is cloned by
-
-
- Closed
-
- links to
-
RHEA-2023:7198
rpm
