#7032 Httpd log: Failed to set perm on ccache
Opened 2 years ago by mbasti. Modified a year ago

In httpd log there are occurring following warning:
[client 10.34.78.126:38324] failed to set perms (3140) on file (/var/run/ipa/ccaches/admin@EXAMPLE.TEST)!, referer: https://ipa.example.test/ipa/xml

Selinux is in permissive mode


Wild guess: Isn't it possible that it's caused by the line
GssapiDelegCcachePerms mode:0660 gid:ipaapi
in /etc/httpd/conf.d/ipa.conf?

Guys, we went through this a month ago. We cannot change GssapiDelegCcachePerms line because it will make mod_auth_gssapi + gss-proxy failing. Please ignore this message in the logs.

Sure, and this is why mod_auth_gssapi changed this to a warning instead of an error. I don't think we should spend more time on it.

Metadata Update from @pvoborni:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

2 years ago

Metadata Update from @cheimes:
- Issue priority set to: important
- Issue set to the milestone: FreeIPA 4.6
- Issue status updated to: Open (was: Closed)

2 years ago

Latest nighly builds are still affected:

[Mon Dec 11 15:41:04.603574 2017] [:error] [pid 20798:tid 140625743668992] [client 192.168.183.101:52624] failed to set perms (3140) on file (/var/run/ipa/ccaches/admin@IPA.TEST)!, referer: https://master.ipa.test/ipa/xml

Aleksei Slaikovskii and me were able to reproduce the issue with FreeIPA master ( mod_auth_gssapi-1.5.1-6.fc27.x86_64) on Fedora 27 and FreeIPA 4.5 (mod_auth_gssapi-1.5.1-5.el7.x86_64) on RHEL. The Apache error log is spammed with warnings, literally every second line.

A default installation of FreeIPA with our default Apache log level must not write the message into Apache HTTP's error log.

Metadata Update from @cheimes:
- Issue set to the milestone: FreeIPA 4.5 (was: FreeIPA 4.6)

2 years ago

I have updated (bodhi) the f27 builds to include the fix (mod_auth_gssapi-1.6.0-1). For RHEL builds, please file a Bugzilla if you need something addressed.

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.5.5 (was: FreeIPA 4.5)

2 years ago

This is still occurring in F28:

[Thu Feb 14 14:57:13.418342 2019] [:warn] [pid 3436:tid 140690445039360] [client 192.168.166.78:40684] failed to set perms (3140) on file (/run/ipa/ccaches/admin@EXAMPLE.TEST)!, referer: https://ipa.example.test/ipa/xml

rpm -q mod_auth_gssapi

mod_auth_gssapi-1.6.0-1.fc28.x86_64

Login to comment on this ticket.

Metadata