What | Removed | Added |
---|---|---|
Flags | needinfo?(thomas.blume@suse.com) |
(In reply to Antonio Feijoo from comment #9)
> (In reply to Stefan Hundhammer from comment #7)
> > Please notice that the check condition is if the "rpcbind" command is
> > available, not if the "rpc" user group exists.
>
> Thomas, I see you maintain rpcbind. Do you know if the rpcbind command
> always requires the rpc user and group to own /run/rpcbind? This solved
> https://bugzilla.suse.com/show_bug.cgi?id=1177461#c39

Hi Antonio,

/run/rpcbind is actually RPCBIND_STATEDIR where it writes its state files in case of a warmstart (this is configured in rpcbind.service via the -w parameter).
It would create the directory itself on startup:

-->
```c
mkdir_warmstart(int uid)
{
	/* Already exists? */
	if (access(RPCBIND_STATEDIR, X_OK) == 0)
		return;

	if (mkdir(RPCBIND_STATEDIR, 0770) == 0) {
		int fd = open(RPCBIND_STATEDIR, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
		if (fd >= 0) {
			if (fchown(fd, uid, -1) < 0) {
				syslog(LOG_ERR,
					"mkdir_warmstart: open failed '%s', errno %d (%s)",
```
..<

I guess in that case it will have the UID and GID of the rpcbind binary.
When I create /run/rpcbind with a different uid before the rpcbind startup, I get an error:

-->
```
Nov 07 10:25:28 localhost systemd[1]: Starting RPC Bind...
Nov 07 10:25:28 localhost rpcbind[13885]: mkdir_warmstart: mkdir failed '/run/rpcbind', errno 17 (File exists)
```
--<

The same is true when I remove the rpc user:

-->
```
Nov 07 10:21:45 localhost rpcbind[13614]: cannot get uid of 'rpc': Success
Nov 07 10:21:45 localhost systemd[1]: rpcbind.service: Main process exited, code=exited, status=1/FAILURE
```
--<

So, most probably the chown shouldn't be necessary.
In case of https://bugzilla.suse.com/show_bug.cgi?id=1177461#c39 it seems that /run/rpcbind was already present with wrong permissions.
So, I guess an "rm -rf /run/rpcbind" instead of a chown in the initrd would do.
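The failure mode described in the comment above, as an added example that is not part of the original comment or of rpcbind: it repeats the excerpt's access()/mkdir()/fchown() order on a scratch directory and shows that a leftover directory the caller cannot search ends in EEXIST, while removing it first lets creation succeed. The names `prepare_statedir`, `scenario` and `last_err`, the `/tmp` scratch path, and the use of mode 0000 to stand in for the wrong-ownership case are assumptions.

```c
/* Added illustration, not rpcbind source: same call order as the excerpt. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum { STATEDIR_REUSED, STATEDIR_CREATED, STATEDIR_FAILED };
int last_err;                       /* errno of the step that failed, else 0 */

int prepare_statedir(const char *dir, uid_t uid)
{
    last_err = 0;
    if (access(dir, X_OK) == 0)     /* exists and the caller may search it */
        return STATEDIR_REUSED;
    if (mkdir(dir, 0770) != 0) {    /* EEXIST here: stale, unusable leftover */
        last_err = errno;
        return STATEDIR_FAILED;
    }
    int fd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0 || fchown(fd, uid, (gid_t)-1) < 0)
        last_err = errno;           /* created, but ownership was not set */
    if (fd >= 0) close(fd);
    return STATEDIR_CREATED;
}

/* pre_mode < 0: nothing left over; otherwise a leftover dir with that mode
 * (constructed input). remove_first models deleting it before startup. */
int scenario(int pre_mode, int remove_first)
{
    char base[] = "/tmp/statedir-XXXXXX", dir[64];
    if (mkdtemp(base) == NULL) return -1;
    snprintf(dir, sizeof dir, "%s/rpcbind", base);
    if (pre_mode >= 0 && mkdir(dir, 0700) == 0)
        chmod(dir, (mode_t)pre_mode);   /* chmod so umask cannot change it */
    if (remove_first) rmdir(dir);
    int r = prepare_statedir(dir, getuid());
    rmdir(dir);
    rmdir(base);
    return r;
}

int main(void)
{
    printf("fresh=%d stale=%d cleaned=%d\n", scenario(-1, 0), scenario(0, 0), scenario(0, 1));
    return 0;
}
```

When run as root, access() succeeds on the mode 0000 directory, so the stale case reports reuse instead of EEXIST.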