The following warning occurs in the httpd log:
[client 10.34.78.126:38324] failed to set perms (3140) on file (/var/run/ipa/ccaches/admin@EXAMPLE.TEST)!, referer: https://ipa.example.test/ipa/xml
SELinux is in permissive mode.
This is not an issue. See https://github.com/modauthgssapi/mod_auth_gssapi/commit/12ebe14ee6636801c750eb6e982b30635788e4ba
Wild guess: Isn't it possible that it's caused by the line GssapiDelegCcachePerms mode:0660 gid:ipaapi in /etc/httpd/conf.d/ipa.conf?
Guys, we went through this a month ago. We cannot change the GssapiDelegCcachePerms line because it will make mod_auth_gssapi + gss-proxy fail. Please ignore this message in the logs.
It may scare users.
Sure, and this is why mod_auth_gssapi changed this to a warning instead of an error. I don't think we should spend more time on it.
Metadata Update from @pvoborni: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Metadata Update from @cheimes: - Issue priority set to: important - Issue set to the milestone: FreeIPA 4.6 - Issue status updated to: Open (was: Closed)
Latest nightly builds are still affected:
[Mon Dec 11 15:41:04.603574 2017] [:error] [pid 20798:tid 140625743668992] [client 192.168.183.101:52624] failed to set perms (3140) on file (/var/run/ipa/ccaches/admin@IPA.TEST)!, referer: https://master.ipa.test/ipa/xml
Aleksei Slaikovskii and I were able to reproduce the issue with FreeIPA master (mod_auth_gssapi-1.5.1-6.fc27.x86_64) on Fedora 27 and FreeIPA 4.5 (mod_auth_gssapi-1.5.1-5.el7.x86_64) on RHEL. The Apache error log is spammed with warnings, literally every second line.
A default installation of FreeIPA with our default Apache log level must not write the message into Apache HTTP's error log.
Metadata Update from @cheimes: - Issue set to the milestone: FreeIPA 4.5 (was: FreeIPA 4.6)
I have updated (bodhi) the f27 builds to include the fix (mod_auth_gssapi-1.6.0-1). For RHEL builds, please file a Bugzilla if you need something addressed.
Metadata Update from @pvoborni: - Issue set to the milestone: FreeIPA 4.5.5 (was: FreeIPA 4.5)
This is still occurring in F28:
[Thu Feb 14 14:57:13.418342 2019] [:warn] [pid 3436:tid 140690445039360] [client 192.168.166.78:40684] failed to set perms (3140) on file (/run/ipa/ccaches/admin@EXAMPLE.TEST)!, referer: https://ipa.example.test/ipa/xml
mod_auth_gssapi-1.6.0-1.fc28.x86_64
Still seeing this in Fedora 33:
rpm -q mod_auth_gssapi
mod_auth_gssapi-1.6.3-1.fc33.x86_64
Failed to set perms (3140) on file (/run/ipa/ccaches/admin@OURDOMAIN.EDU)!, referer: https://oudomain.edu/ipa/xml
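A check an administrator can run when this warning appears: compare the files in the ccache directory with the mode and gid from the GssapiDelegCcachePerms line quoted in this thread. This is an added example, not part of the ticket and not code from FreeIPA or mod_auth_gssapi; the function names and the extra "accessible to other users" check are assumptions of the example, and the paths are the ones that appear above.

```python
import grp
import os
import stat

def parse_ccache_perms(conf_text):
    """Return the mode/uid/gid of the first GssapiDelegCcachePerms line, or None."""
    for line in conf_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "gssapidelegccacheperms":  # directive names are case-insensitive
            want = {"mode": None, "uid": None, "gid": None}
            for arg in parts[1:]:
                key, _, value = arg.partition(":")
                if key in want:
                    want[key] = int(value, 8) if key == "mode" else value
            return want
    return None

def resolve_gid(group):
    """Accept a numeric gid or a group name such as ipaapi."""
    return int(group) if group.isdigit() else grp.getgrnam(group).gr_gid

def audit_ccaches(directory, want, gid_lookup=resolve_gid):
    """Return (path, problem) pairs for entries that differ from the directive."""
    findings = []
    want_gid = gid_lookup(want["gid"]) if want["gid"] else None
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        st = os.lstat(path)  # lstat: do not follow a symlink planted in the directory
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, "not a regular file"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if want["mode"] is not None and mode != want["mode"]:
            findings.append((path, "mode %04o, expected %04o" % (mode, want["mode"])))
        if mode & 0o007:  # extra check added by this example, not taken from the directive
            findings.append((path, "accessible to other users"))
        if want_gid is not None and st.st_gid != want_gid:
            findings.append((path, "gid %d, expected %d" % (st.st_gid, want_gid)))
    return findings

if __name__ == "__main__":
    with open("/etc/httpd/conf.d/ipa.conf") as fh:
        wanted = parse_ccache_perms(fh.read())
    if wanted is None:
        print("no GssapiDelegCcachePerms directive found")
    else:
        for path, problem in audit_ccaches("/var/run/ipa/ccaches", wanted):
            print(path, problem)
```

Run it as root on the IPA server; no output means every ccache file matches the directive.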