[Bug 1842408] Re: rabbitmq-server writes to /etc/rabbitmq

Bryce Harrington 1842408 at bugs.launchpad.net
Wed Sep 4 18:44:30 UTC 2019 

Confirmed that setting ownership of /etc/rabbitmq to root doesn't
*appear* to break the service itself:

# service rabbitmq-server stop
# chown -R root:root /etc/rabbitmq/
# ls /etc/rabbitmq/
drwxr-xr-x 2 root root 4096 Sep  4 18:33 /etc/rabbitmq/

# service rabbitmq-server status | cat
● rabbitmq-server.service - RabbitMQ Messaging Server
   Loaded: loaded (/lib/systemd/system/rabbitmq-server.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-09-04 18:36:48 UTC; 1min 20s ago
 Main PID: 24598 (beam.smp)
   Status: "Initialized"
    Tasks: 127 (limit: 4915)
   Memory: 69.3M
   CGroup: /system.slice/rabbitmq-server.service
           ├─24594 /bin/sh /usr/sbin/rabbitmq-server
           ├─24598 /usr/lib/erlang/erts-10.4.4/bin/beam.smp -W w -A 96 -MBas ageffcbf -MHas ageffcbf -MBlmbcs 512 -MHlmbcs 512 -MMmcs 30 -P 1048576 -t 5000000 -stbt db -zdbbl 128000 -K true -- -root /usr/lib/erlang -progname erl -- -home /var/lib/rabbitmq -- -pa /usr/lib/rabbitmq/lib/rabbitmq_server-3.7.8/ebin -noshell -noinput -s rabbit boot -sname rabbit at review-eoan -boot start_sasl -kernel inet_default_connect_options [{nodelay,true}] -sasl errlog_type error -sasl sasl_error_logger false -rabbit lager_log_root "/var/log/rabbitmq" -rabbit lager_default_file "/var/log/rabbitmq/rabbit at review-eoan.log" -rabbit lager_upgrade_file "/var/log/rabbitmq/rabbit at review-eoan_upgrade.log" -rabbit enabled_plugins_file "/etc/rabbitmq/enabled_plugins" -rabbit plugins_dir "/usr/lib/rabbitmq/plugins:/usr/lib/rabbitmq/lib/rabbitmq_server-3.7.8/plugins" -rabbit plugins_expand_dir "/var/lib/rabbitmq/mnesia/rabbit at review-eoan-plugins-expand" -os_mon start_cpu_sup false -os_mon start_disksup false -os_mon start_memsup false -mnesia dir "/var/lib/rabbitmq/mnesia/rabbit at review-eoan" -kernel inet_dist_listen_min 25672 -kernel inet_dist_listen_max 25672
           ├─24898 erl_child_setup 65536
           ├─24925 inet_gethost 4
           └─24926 inet_gethost 4

Sep 04 18:36:46 review-eoan systemd[1]: Starting RabbitMQ Messaging Server...
Sep 04 18:36:48 review-eoan systemd[1]: rabbitmq-server.service: Supervising process 24598 which is not our child. We'll most likely not notice when it exits.
Sep 04 18:36:48 review-eoan systemd[1]: Started RabbitMQ Messaging Server.

# ls -lad /etc/rabbitmq/
drwxr-xr-x 2 root root 4096 Sep  4 18:33 /etc/rabbitmq/

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to rabbitmq-server in Ubuntu.
https://bugs.launchpad.net/bugs/1842408

Title:
  rabbitmq-server writes to /etc/rabbitmq

Status in rabbitmq-server package in Ubuntu:
  New

Bug description:
  Hi, 
  I just ran into a design problem of the ubuntu/debian installation of rabbitmq-server.

  I tried to configure rabbitmq with puppet, it didn't work, and I
  debugged it.

  Problem: the puppet plugin changes ownership of /etc/rabbitmq to root,
  while the ubuntu/debian package requires it to be rabbitmq.rabbitmq,
  because the tool rabbitmq-plugins needs to write to
  /etc/rabbitmq/enabled_plugins and create
  /etc/rabbitmq/enabled_plugins.tmp

  
  So if the /etc/rabbitmq belongs root, rabbitmq-plugins can write only if run as root, but then it issues error message because ownership trouble with rabbitmq daemon, which expects things to be rabbitmq. 


  It is definitely a poor and insecure idea to give an /etc directory
  ownership to a daemon and use it to store state information.
  /etc/rabbitmq/enabled_plugins definitely belongs to /var/lib/rabbitmq,
  and as far as I know, this is what linux design guides say.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: rabbitmq-server 3.6.10-1
  ProcVersionSignature: Ubuntu 4.15.0-58.64-generic 4.15.18
  Uname: Linux 4.15.0-58-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.7
  Architecture: amd64
  CurrentDesktop: LXDE
  Date: Tue Sep  3 12:17:42 2019
  InstallationDate: Installed on 2018-04-30 (491 days ago)
  InstallationMedia: Lubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
  PackageArchitecture: all
  SourcePackage: rabbitmq-server
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.default.rabbitmq-server: [modified]
  mtime.conffile..etc.default.rabbitmq-server: 2019-09-02T17:17:09.167373

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rabbitmq-server/+bug/1842408/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list