[Touch-packages] [Bug 1874915] Re: krb5kdc[27833]: Couldn't open log file /var/log/krb5kdc.log: Read-only file system

2020-04-28 Thread Lucas Kanashiro
I agree with Sam and Andreas, we should not change the krb5kdc systemd
unit file because of freeipa. I am assigning this bug back to freeipa.

** Package changed: krb5 (Ubuntu) => freeipa (Ubuntu)

** Changed in: freeipa (Ubuntu)
   Status: New => Triaged

** Changed in: freeipa (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1874915

Title:
  krb5kdc[27833]: Couldn't open log file /var/log/krb5kdc.log: Read-only
  file system

Status in freeipa package in Ubuntu:
  Triaged

Bug description:
  Hopefully this can trivially be corrected.

  Seems the systemd service file for the kerberos portion of freeipa
  could use a minor tweak.

  When restarting the kerberos service, it (incorrectly) reports that
  the default configured log file (/var/log/krb5kdc.log) is sending to a
  "read only filesystem".  This is a misleading error, since the
  /var/log directory by default -IS- writeable, but systemd is in fact
  preventing the daemon from writing.  Why systemd can't inject itself
  inappropriately and report that it's causing the trouble is another
  conversation. ;) [not personally a systemd fan]

  
  File:
  =
  /lib/systemd/system/krb5-kdc.service

  Command:
  =
  service krb5-kdc restart

  Error:
  =
  krb5kdc[27833]: Couldn't open log file /var/log/krb5kdc.log: Read-only file system

  
  Please make the following adjustment to the default systemd file.
  =
  13c13
  < ReadWriteDirectories=-/var/tmp /tmp /var/lib/krb5kdc -/var/run /run
  ---
  > ReadWriteDirectories=-/var/tmp /tmp /var/lib/krb5kdc -/var/run /run /var/log
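
Review bot: the /var/log appended at the end of the new ReadWriteDirectories= line makes the entire log directory writable to the KDC, although the error above names a single file, /var/log/krb5kdc.log. Suggest a narrower path, such as a dedicated subdirectory for the KDC log, and carrying it in a drop-in for krb5-kdc.service rather than editing the packaged file under /lib/systemd/system, so the default unit stays as restrictive as it is now for setups that do not log to a file.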


  Thank you for all the help and support.  :)

  Cheers,
  -Chris

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1874915/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1874915] Re: krb5kdc[27833]: Couldn't open log file /var/log/krb5kdc.log: Read-only file system

2020-04-27 Thread Andreas Hasenack
In general I tend to agree with Sam. A config was changed (kdc logging
to a file in /var/log/), and for it to work fully another config needs
to be changed (systemd). FreeIPA (who made the first change) can easily
create a systemd override for this.

That being said, it's not super unreasonable for a user, after reading
the kdc.conf(8) manpage, to expect logging to a file in /var/log to
work. Were the logfile in, say, /var/adm, or some other nonexistent
directory, I can easily see how that would require further
configuration, but not /var/log. That I find a bit unexpected.

I would however generally recommend to use SYSLOG and the AUTH facility,
that would seem to offer better integration.

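The two approaches raised in the message above (a systemd override, or logging through syslog) could look like the following. This is an added example, not configuration from the thread or from the freeipa or krb5 packages; the drop-in file name and the /var/log/krb5kdc subdirectory are assumptions chosen for illustration.

```ini
# ---------------------------------------------------------------
# Option A: keep file logging, widen the sandbox by one directory
# ---------------------------------------------------------------
# Drop-in file (name is illustrative):
#   /etc/systemd/system/krb5-kdc.service.d/kdc-file-logging.conf
# The packaged unit in /lib/systemd/system stays untouched.
[Service]
# ReadWritePaths= is the current name of ReadWriteDirectories=.
# It is a list setting, so this entry is added to the paths the
# packaged unit already grants instead of replacing them.
# Assumption: a dedicated directory, created before the service
# starts, so the KDC gets no write access to the rest of /var/log.
ReadWritePaths=/var/log/krb5kdc

# Matching [logging] section in the Kerberos configuration,
# pointing the KDC at a file inside that directory:
[logging]
    kdc = FILE:/var/log/krb5kdc/krb5kdc.log

# Apply with: systemctl daemon-reload, then restart krb5-kdc.

# ---------------------------------------------------------------
# Option B: log through syslog, no change to the unit
# ---------------------------------------------------------------
# Format is SYSLOG[:severity[:facility]]. The KDC hands messages
# to the syslog daemon, so it needs no writable path under
# /var/log and the unit's sandbox can stay as shipped.
[logging]
    kdc = SYSLOG:INFO:AUTH
```

Option A and Option B are alternatives; only one `[logging]` section for the KDC should be in effect at a time.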


Re: [Touch-packages] [Bug 1874915] Re: krb5kdc[27833]: Couldn't open log file /var/log/krb5kdc.log: Read-only file system

2020-04-25 Thread Sam Hartman
I'm going to push back on the reassignment to krb5.
I think this is a freeipa bug.
Kerberos's systemd service unit is correct for Kerberos.
freeipa is the one that is deciding it wants to change the Kerberos
logging configuration, and thus is the one that should adjust the
permissions.
Honestly I'd rather see this fixed by freeipa not messing around with
Kerberos configs so much, but especially not logging config.



[Touch-packages] [Bug 1874915] Re: krb5kdc[27833]: Couldn't open log file /var/log/krb5kdc.log: Read-only file system

2020-04-25 Thread Timo Aaltonen
** Package changed: freeipa (Ubuntu) => krb5 (Ubuntu)
