RHEL-67901

Add support for umask=027 to ipa-healthcheck

    • Bug
    • Resolution: Unresolved
    • rhel-9.4
    • ipa-healthcheck
    • rhel-sst-idm-ipa
    • ssg_idm
      1. umask is set to 027 in /etc/login.defs

      2. ipa-healthcheck keeps reverting to the wrong permissions at each ipa stop/start:

      ERROR: ipahealthcheck.ipa.files.IPAFileCheck._run_ipa_services.list_mode: Permissions of /run/ipa/services.list are too restrictive: 0640 and should be 0644 

      We noticed that this happened after the patching to ipa-server-4.11.0-15.el9_4.x86_64. It seems ipa-healthcheck understands 0640 to be an error, but it’s what “ipactl start” wants it to be, from the strace:

      openat(AT_FDCWD, "/run/ipa/services.list", O_RDONLY|O_CLOEXEC) = 5
      fstat(5, {st_mode=S_IFREG|0640, st_size=89, ...}) = 0 

              rhn-engineering-rcrit Rob Crittenden
              rhn-support-qpham Quynh Anh Pham
              Rob Crittenden
              Sudhir Menon
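
Added example (not part of the original report and not ipa-healthcheck's own code): it reproduces how a 027 umask turns a requested 0644 into the 0640 seen in the strace, then compares that mode strictly and against a umask-aware floor. The temporary services.list stand-in, the function names, the umask-aware rule and the premise that the file is created with 0644 requested are all assumptions for illustration.

```python
import os
import stat
import tempfile

EXPECTED_MODE = 0o644   # mode the health check in this report asks for
REPORTED_UMASK = 0o027  # umask set in /etc/login.defs per the report


def create_with_umask(path, requested_mode, umask):
    """Create a file with a requested mode and let the kernel clear the
    bits that are set in the process umask; return the resulting mode."""
    previous = os.umask(umask)  # process-wide, restored in finally
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, requested_mode)
        os.close(fd)
    finally:
        os.umask(previous)
    return stat.S_IMODE(os.stat(path).st_mode)


def classify(actual, expected, umask=0):
    """Compare permission bits (hypothetical rule, not the tool's logic).

    Bits beyond `expected` are always 'too permissive'. Bits missing from
    `expected` count as 'too restrictive' only if the umask did not remove
    them, so umask=0 gives a strict comparison."""
    if actual & ~expected:
        return "too permissive"
    floor = expected & ~umask  # most restrictive mode still accepted
    if floor & ~actual:
        return "too restrictive"
    return "ok"


def reproduce():
    """Recreate the reported situation in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for /run/ipa/services.list
        path = os.path.join(tmp, "services.list")
        mode = create_with_umask(path, EXPECTED_MODE, REPORTED_UMASK)
    strict = classify(mode, EXPECTED_MODE)
    aware = classify(mode, EXPECTED_MODE, REPORTED_UMASK)
    return mode, strict, aware


if __name__ == "__main__":
    mode, strict, aware = reproduce()
    print(f"created mode {mode:04o}: strict={strict}, umask-aware={aware}")
```

The umask-aware comparison still flags group- or world-writable modes, so relaxing the lower bound does not hide permissions that are looser than expected.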