db2ldif: can't open /home/admin/ldap-setup/OrgRoot-new.ldif: 13 (Permission denied)
We see this message, and we gloss over it a bit. However, to a user it is a source of confusion, because they ofter run db2ldif as root, yet why can it not access this file?
I think we can improve this
db2ldif: running as user dirsrv db2ldif: can't open \"<path>\" as <user>: 13 (Permission denied)
This way, the administrator quickly, and clearly knows the issue is that we drop privs, and the location is not accessible to the running user.
{{{ {root@ldapkdc 16:29} /opt/dirsrv/var/run/dirsrv I0> /opt/dirsrv/sbin/db2ldif -Z localhost -n userRoot -a /root/backup/bak.ldif Exported ldif file: /root/backup/bak.ldif ldiffile: /root/backup/bak.ldif [08/Nov/2016:16:29:24.683898196 +1000] - ERR - ldbm_back_ldbm2ldif - db2ldif: can't open /root/backup/bak.ldif: 13 (Permission denied) while running as user "dirsrv" [08/Nov/2016:16:29:24.922910068 +1000] - INFO - dblayer_pre_close - All database threads now stopped
}}}
attachment 0001-Ticket-48945-Improve-db2ldif-error-message.patch
A good idea to show the user name running the server.
Could there be another factor SELinux? If the output location is not allowed in terms of the SELinux definition, it fails regardless of the user? (but that'd beyond of this ticket, I guess...)
Selinux is a factor, but it's hard to identify from within the process. I think this hint is a first step to improving this, and as I find more of these messages, I'll be improving them too.
commit 17e551b9f26760ff4c214bd76841929adfcf87e6 Writing objects: 100% (17/17), 2.53 KiB | 0 bytes/s, done. Total 17 (delta 13), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git 4d448d3..9917640 master -> master
Metadata Update from @nhosoi: - Issue assigned to firstyear - Issue set to the milestone: 1.3.6 backlog
389-ds-base is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in 389-ds-base's github repository.
This issue has been cloned to Github and is available here: - https://github.com/389ds/389-ds-base/issues/2004
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @spichugi: - Issue close_status updated to: wontfix (was: Fixed)
Login to comment on this ticket.