Thomas Blume changed bug 1204929
What Removed Added
Flags needinfo?(thomas.blume@suse.com)  

Comment # 11 on bug 1204929 from
(In reply to Antonio Feijoo from comment #9)
> (In reply to Stefan Hundhammer from comment #7)
> > Please notice that the check condition is if the "rpcbind" command is
> > available, not if the "rpc" user group exists.
> 
> Thomas, I see you maintain rpcbind. Do you know if the rpcbind command
> always requires the rpc user and group to own /run/rpcbind? This solved
> https://bugzilla.suse.com/show_bug.cgi?id=1177461#c39

Hi Antonio, /run/rpcbind is actually RPCBIND_STATEDIR where it writes its state
files in case of a warmstart (this is configured in rpcbind.service via the -w
parameter).
It would create the directory itself on startup:

-->
mkdir_warmstart(int uid)
{
        /* Already exists? */
        if (access(RPCBIND_STATEDIR, X_OK) == 0)
                return;

        if (mkdir(RPCBIND_STATEDIR, 0770) == 0) {
                int fd = open(RPCBIND_STATEDIR, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
                if (fd >= 0) {
                        if (fchown(fd, uid, -1) < 0) {
                                syslog(LOG_ERR,
                                        "mkdir_warmstart: open failed '%s', errno %d (%s)",
..<


I guess in that case it will have the UID and GID of the rpcbind binary.
When I create /run/rpcbind with a different uid before the rpcbind startup, I
get an error:

-->
Nov 07 10:25:28 localhost systemd[1]: Starting RPC Bind...
Nov 07 10:25:28 localhost rpcbind[13885]: mkdir_warmstart: mkdir failed '/run/rpcbind', errno 17 (File exists)
--<

The same is true when I remove the rpc user: 

-->
Nov 07 10:21:45 localhost rpcbind[13614]: cannot get uid of 'rpc': Success
Nov 07 10:21:45 localhost systemd[1]: rpcbind.service: Main process exited, code=exited, status=1/FAILURE
--<

So, most probably the chown shouldn't be necessary.

In case of:

https://bugzilla.suse.com/show_bug.cgi?id=1177461#c39

it seems that /run/rpcbind was already present with wrong permissions.
So, I guess an "rm -rf /run/rpcbind" instead of a chown in the initrd would do.
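
The cleanup idea discussed in the comment above, as an added example that is not part of the original mail, rpcbind or dracut: classify a state directory by owner and remove it only when it is stale, so the daemon can recreate it on startup. The function names and the expected-uid argument are assumptions made for illustration.

```sh
#!/bin/sh
# Added illustration; owner_uid, statedir_state and reset_statedir are
# hypothetical helper names, not taken from rpcbind or dracut.

# Print the numeric owner uid of a path (the path itself, not a link target).
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# Classify a state directory:
#   missing -> nothing there; the daemon can create it itself
#   ok      -> real directory owned by the expected uid
#   stale   -> symlink, non-directory, or directory with another owner
statedir_state() {
    dir=$1 want_uid=$2
    if [ -L "$dir" ]; then echo stale; return; fi
    if [ ! -e "$dir" ]; then echo missing; return; fi
    if [ ! -d "$dir" ]; then echo stale; return; fi
    if [ "$(owner_uid "$dir")" = "$want_uid" ]; then
        echo ok
    else
        echo stale
    fi
}

# Remove the directory only when it is stale, then report the new state.
# A symlink is unlinked without touching its target.
reset_statedir() {
    [ -n "$1" ] || return 1          # refuse an empty path
    dir=$1 want_uid=$2
    case $(statedir_state "$dir" "$want_uid") in
        stale) rm -rf -- "$dir" ;;
    esac
    statedir_state "$dir" "$want_uid"
}
```

A caller would pass the path and the numeric uid it expects, for example `reset_statedir /run/rpcbind "$(id -u rpc)"`, before the service starts.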

