8000 Cobblerd start failure due to incorrect ownership of /var/lib/cobbler/web.ss · Issue #3446 · cobbler/cobbler · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Cobblerd start failure due to incorrect ownership of /var/lib/cobbler/web.ss #3446

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
cinnion opened this issue Jun 8, 2023 · 2 comments · Fixed by #3454
Closed

Cobblerd start failure due to incorrect ownership of /var/lib/cobbler/web.ss #3446

cinnion opened this issue Jun 8, 2023 · 2 comments · Fixed by #3454
Assignees
@SchoolGuy
Labels
3.3.3 Release 3.3.3 Bug Report Reporting a bug
Milestone
v3.3.4

Comments

@cinnion
Copy link
Contributor
cinnion commented Jun 8, 2023

As has been noted for some time, cobblerd will fail to start after a restart, giving an error about /var/lib/cobbler/web.ss. This was reported in #2183, and discussed elsewhere. When successfully starting, the permission began as:

-rw-r--r--. 1 root root system_u:object_r:cobbler_var_lib_t:s0 1024 Jun 7 09:46 /var/lib/cobbler/web.ss

but after starting, the permission becomes:

-rw-r--r--. 1 apache root system_u:object_r:cobbler_var_lib_t:s0 1024 Jun 7 09:47 /var/lib/cobbler/web.ss

And while the ownership remains as apache, the cobblerd server will fail to start.

The problem is that in cobblerd.py:regen_ss_file(), after this file is created by cobblerd for use in authorizing the CLI and web, the routine changes the ownership to 'apache', and then when the process is restarted, the routine once again tries to open it for writing the random 1024 byte auth token, the open fails. Changing the ownership back to root fixes the issue.

Steps to reproduce

  1. Start the server for the first time... it starts.
  2. Restart the server, It will fail with an error opening /var/lib/cobbler/web.ss
  3. Changing the ownership of the file back to root.root and restarting will succeed.

Expected behavior

The cobblerd service would restart each and every time.

Cobbler version

Cobbler 3.3.3
  source: ?, ?
  build time: Tue Jun 14 00:00:00 2022

(From EPEL 9 repository)

Operating system

Rocky Linux release 9.2 (Blue Onyx)

Cobbler log

[Daemon] 2023-06-07T22:11:08 - INFO | running: ['/usr/sbin/selinuxenabled']
[Daemon] 2023-06-07T22:11:08 - INFO | received on stdout: 
[Daemon] 2023-06-07T22:11:08 - DEBUG | received on stderr: 
[Daemon] 2023-06-07T22:11:08 - INFO | Automigration NOT executed
[Daemon] 2023-06-07T22:11:09 - INFO | python3-hivex not found. If you need Automatic Windows Installation support, please install.
[Daemon] 2023-06-07T22:11:09 - INFO | 11 breeds and 131 OS versions read from the signature file
[Daemon] 2023-06-07T22:11:09 - DEBUG | API handle initialized
[Daemon] 2023-06-07T22:11:09 - ERROR | [Errno 13] Permission denied: '/var/lib/cobbler/web.ss'

Screenshots

Additional information

The fix is to remove the call to os.lchown() from cobblerd.py:regen_ss_file()
@cinnion cinnion added the Bug Report Reporting a bug label Jun 8, 2023
@SchoolGuy SchoolGuy added the 3.3.3 Release 3.3.3 label Jun 9, 2023
@SchoolGuy
Copy link
Member

@cinnion This file is just used for the CLI authentication since the WebUI was removed in 3.3.0. With the next version of Cobbler, this file will be removed as the new CLI will use the standard XML-RPC API for authentication. As such you are welcome to open a PR against the release33 branch but the allocated time and priorities at work don't allow me to take care of this atm.

@SchoolGuy SchoolGuy added this to the v3.3.4 milestone Jun 9, 2023
@SchoolGuy SchoolGuy self-assigned this Oct 28, 2023
@SchoolGuy SchoolGuy mentioned this issue Oct 28, 2023
Merged
12 tasks
@SchoolGuy SchoolGuy linked a pull request Oct 28, 2023 that will close this issue
Address issue #3445 - Fix issue with web.ss file ownership for restarts #3454
Merged
12 tasks
@SchoolGuy
Copy link
Member

This is already fixed. Closing issue.

@github-project-automation github-project-automation bot moved this from Todo to Done in Cobbler Server Oct 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@SchoolGuy SchoolGuy

Labels
3.3.3 Release 3.3.3 Bug Report Reporting a bug
Projects
Cobbler Server
Status: Done
Milestone
v3.3.4
Development

Successfully merging a pull request may close this issue.

Address issue #3445 - Fix issue with web.ss file ownership for restarts cinnion/cobbler
2 participants
@cinnion @SchoolGuy
0