[Bug 1874915] Re: krb5kdc[27833]: Couldn't open log file /var/log/krb5kdc.log: Read-only file system

Andreas Hasenack andreas at canonical.com
Mon Apr 27 12:46:27 UTC 2020 

In general I tend to agree with Sam. A config was changed (kdc logging
to a file in /var/log/), and for it to work fully another config needs
to be changed (systemd). FreeIPA (who made the first change) can easily
create a systemd override for this.

That being said, it's not super unreasonable for a user, after reading
the kdc.conf(8) manpage, to expect logging to a file in /var/log to
work. Were the logfile in, say, /var/adm, or some other nonexistent
directory, I can easily see how that would require further
configuration, but not /var/log. That I find a bit unexpected.

I would however generally recommend to use SYSLOG and the AUTH facility,
that would seem to offer better integration.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1874915

Title:
  krb5kdc[27833]: Couldn't open log file /var/log/krb5kdc.log: Read-only
  file system

Status in krb5 package in Ubuntu:
  New

Bug description:
  Hopefully this can trivially be corrected.

  Seems the systemd service file for the kerberos portion of freeipa
  could use a minor tweak.

  When restarting the kerberos service, it (incorrectly) reports that
  the default configured log file (/var/log/krb5kdc.log) is sending to a
  "read only filesystem".  This is a misleading error, since the
  /var/log directory by default -IS- writeable, but systemd is in fact
  preventing the daemon from writing.  Why systemd can't inject itself
  inappropriately and report that it's causing the trouble is another
  conversation. ;) [not personally a systemd fan]

  
  File:
  =====
  /lib/systemd/system/krb5-kdc.service

  Command:
  =====
  service krb5-kdc restart

  Error:
  =====
  krb5kdc[27833]: Couldn't open log file /var/log/krb5kdc.log: Read-only file system

  
  Please make the following adjustment to the default systemd file.
  =====
  13c13
  < ReadWriteDirectories=-/var/tmp /tmp /var/lib/krb5kdc -/var/run /run
  ---
  > ReadWriteDirectories=-/var/tmp /tmp /var/lib/krb5kdc -/var/run /run /var/log


  Thank you for all the help and support.  :)

  Cheers,
  -Chris

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1874915/+subscriptions

More information about the foundations-bugs mailing list