-
Bug
-
Resolution: Unresolved
-
Undefined
-
rhel-9.4
-
ipa-healthcheck-0.16-7.el9
-
No
-
Low
-
3
-
rhel-idm-ipa
-
ssg_idm
-
2
-
False
-
False
-
-
No
-
2025-Q1-Bravo-S6, 2025-Q2-Bravo-S2, 2025-Q2-Alpha-S6
-
Unspecified Release Note Type - Unknown
-
None
1. umask is set to 027 in /etc/login.defs
2. ipa-healthcheck keeps reverting to the wrong permissions at each ipa stop/start:
ERROR: ipahealthcheck.ipa.files.IPAFileCheck._run_ipa_services.list_mode: Permissions of /run/ipa/services.list are too restrictive: 0640 and should be 0644
We noticed that this happened after the patching to ipa-server-4.11.0-15.el9_4.x86_64. It seems ipa-healthcheck understand 0640 to be an error but it’s what “ipactl start” wants it to be, from the strace:
openat(AT_FDCWD, "/run/ipa/services.list", O_RDONLY|O_CLOEXEC) = 5
fstat(5, {st_mode=S_IFREG|0640, st_size=89, ...}) = 0
- relates to
-
RHEL-68312 File permissions issues in IPA due to default system umask
-
- Planning
-
- links to
-
RHBA-2025:149965 ipa-healthcheck bug fix and enhancement update