![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1204929 https://bugzilla.suse.com/show_bug.cgi?id=1204929#c11 Thomas Blume <thomas.blume@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(thomas.blume@suse | |.com) | --- Comment #11 from Thomas Blume <thomas.blume@suse.com> --- (In reply to Antonio Feijoo from comment #9)
(In reply to Stefan Hundhammer from comment #7)
Please notice that the check condition is if the "rpcbind" command is available, not if the "rpc" user group exists.
Thomas, I see you maintain rpcbind. Do you know if the rpcbind command always requires the rpc user and group to own /run/rpcbind? This solved https://bugzilla.suse.com/show_bug.cgi?id=1177461#c39
Hi Antonio, /run/rpcbind is actually RPCBIND_STATEDIR where it writes its state files in case of a warmstart (this is configured in rpcbind.service via the -w parameter). It would create the directory itself on startup: --> mkdir_warmstart(int uid) { /* Already exists? */ if (access(RPCBIND_STATEDIR, X_OK) == 0) return; if (mkdir(RPCBIND_STATEDIR, 0770) == 0) { int fd = open(RPCBIND_STATEDIR, O_RDONLY | O_DIRECTORY | O_NOFOLLOW); if (fd >= 0) { if (fchown(fd, uid, -1) < 0) { syslog(LOG_ERR, "mkdir_warmstart: open failed '%s', errno %d (%s)", ..< I guess in that case it will have the UID and GID of the rpcbind binary. When I create /run/rpcbind with a different uid before the rpcbind startup, I get an error: --> Nov 07 10:25:28 localhost systemd[1]: Starting RPC Bind... Nov 07 10:25:28 localhost rpcbind[13885]: mkdir_warmstart: mkdir failed '/run/rpcbind', errno 17 (File exists) --< The same is true when I remove the rpc user: --> Nov 07 10:21:45 localhost rpcbind[13614]: cannot get uid of 'rpc': Success Nov 07 10:21:45 localhost systemd[1]: rpcbind.service: Main process exited, code=exited, status=1/FAILURE --< So, most probably the chown shouldn't be necessary. I case of: https://bugzilla.suse.com/show_bug.cgi?id=1177461#c39 it seems that /run/rpcbind was already present with wrong permissions. So, I guess an "rm -rf /run/rpcbind" instead of a chown in the initrd would do. -- You are receiving this mail because: You are on the CC list for the bug.