[Bug 1186662] Re: isc-dhcp-server fails to renew lease file

Michael Bienia michael at bienia.de
Wed Aug 7 07:57:41 UTC 2013


The problem is how dhcpd implements privilege separation. It doesn't
work well with AppArmor and kernel (hard)link protection.

dhcpd expects to be able to write the leases file and create new files in /var/lib/dhcp when rotating the leases file hourly.
As dhcpd is run as user dhcpd, the directory and the files there belonged to dhcpd:dhcpd in the past till it caused a problem with AppArmor (see bug #1028526). As a fix for this the directory and the files now belong to root:root and dhcpd can start but not rotate the leases file as user dhcpd anymore (current bug).

Trying to just set dhcpd as owner for /var/lib/dhcp doesn't work as then
the kernel hardlink protection triggers when dhcpd tries to hardlink
dhcpd.leases (owned by root) to dhcpd.leases~ when rotating the leases
file as user dhcpd. Setting dhcpd as the owner of the leases file too
doesn't work either [1] as we are then back where we started.

1: It doesn't work when it belongs to dhcpd:dhcpd when dhcpd gets
started, but it works when the leases file belongs to root when dhcpd gets
started and *after* dhcpd got started is chowned manually back to dhcpd.


The proper fix is to have dhcpd open the leases file as user dhcpd during start, not as root, and to have /var/lib/dhcp/ and the leases file belong to dhcpd:dhcpd.

** Changed in: isc-dhcp (Ubuntu)
       Status: Confirmed => Triaged

** Changed in: isc-dhcp (Ubuntu)
     Assignee: (unassigned) => Michael Bienia (geser)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/1186662

Title:
  isc-dhcp-server fails to renew lease file

Status in “isc-dhcp” package in Ubuntu:
  Triaged

Bug description:
  After raring upgrade, the dhcp server fails to renew lease file when
  it tries to (about every hour).

  The syslog says:
  dhcpd: Can't create new lease file: Permission denied

  It looks like a permission problem, because

  # chown -R dhcpd:dhcpd /var/lib/dhcp

  the above command temporarily solves the issue, until dhcpd is
  restarted: at that time, the ownership of the directory and the lease
  file is set back to root:root.

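An added example, not part of the original message or of isc-dhcp: a simplified Python model of the kernel's fs.protected_hardlinks decision, applied to the ownership combinations for dhcpd.leases discussed in the message above. The UID/GID numbers and file modes are constructed; ACLs, AppArmor and capabilities other than CAP_FOWNER are not modelled.

```python
import stat

def has_rw(mode, owner_uid, owner_gid, uid, gids):
    """Classic owner/group/other read+write check (no ACLs, no capabilities)."""
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & 6) == 6

def hardlink_allowed(mode, owner_uid, owner_gid, uid, gids,
                     cap_fowner=False, protected=True):
    """Return (allowed, reason) for link(2) on an existing file by `uid`."""
    if not protected:
        return True, "fs.protected_hardlinks=0"
    if uid == owner_uid or cap_fowner:
        return True, "caller owns the file or has CAP_FOWNER"
    # Non-owners may only link a "safe" source file.
    if not stat.S_ISREG(mode):
        return False, "not a regular file"
    if mode & stat.S_ISUID:
        return False, "setuid file"
    sgid_exec = stat.S_ISGID | stat.S_IXGRP
    if (mode & sgid_exec) == sgid_exec:
        return False, "setgid and group-executable file"
    if not has_rw(mode, owner_uid, owner_gid, uid, gids):
        return False, "caller lacks read+write access"
    return True, "regular file the caller can read and write"

# Constructed identities: root is 0; dhcpd's uid/gid are placeholders.
ROOT, DHCPD_UID, DHCPD_GID = 0, 105, 110
CASES = [
    ("leases root:root 0644", stat.S_IFREG | 0o644, ROOT, ROOT),
    ("leases dhcpd:dhcpd 0644", stat.S_IFREG | 0o644, DHCPD_UID, DHCPD_GID),
    ("leases root:dhcpd 0664", stat.S_IFREG | 0o664, ROOT, DHCPD_GID),
]

if __name__ == "__main__":
    for label, mode, o_uid, o_gid in CASES:
        ok, why = hardlink_allowed(mode, o_uid, o_gid, DHCPD_UID, {DHCPD_GID})
        print(f"{label}: link as dhcpd -> {'allowed' if ok else 'EPERM'} ({why})")
```

The first case is the one the message describes: dhcpd, running as user dhcpd, is refused when linking a root-owned leases file to dhcpd.leases~.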