[Bug 1842408] Re: rabbitmq-server writes to /etc/rabbitmq
Bryce Harrington
1842408 at bugs.launchpad.net
Wed Sep 4 18:55:21 UTC 2019
Confirmed that with /etc/rabbit owned by rabbitmq:rabbitmq, rabbitmq-
plugins is able to enable/disable plugins when run as user rabbitmq:
# chsh rabbitmq /bin/bash
# chown -R rabbitmq:rabbitmq /etc/rabbitmq/
# su rabbitmq
rabbitmq at review-eoan:/var/log$ rabbitmq-plugins enable --all
The following plugins have been configured:
rabbitmq_amqp1_0
rabbitmq_auth_backend_cache
..
rabbitmq at review-eoan:/var/log$ rabbitmq-plugins disable --all
All plugins have been disabled.
Applying plugin configuration to rabbit at review-eoan...
The following plugins have been disabled:
rabbitmq_recent_history_exchange
rabbitmq_management_agent
..
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to rabbitmq-server in Ubuntu.
https://bugs.launchpad.net/bugs/1842408
Title:
rabbitmq-server writes to /etc/rabbitmq
Status in rabbitmq-server package in Ubuntu:
New
Bug description:
Hi,
I just ran into a design problem of the ubuntu/debian installation of rabbitmq-server.
I tried to configure rabbitmq with puppet, it didn't work, and I
debugged it.
Problem: the puppet plugin changes ownership of /etc/rabbitmq to root,
while the ubuntu/debian package requires it to be rabbitmq.rabbitmq,
because the tool rabbitmq-plugins needs to write to
/etc/rabbitmq/enabled_plugins and create
/etc/rabbitmq/enabled_plugins.tmp
So if the /etc/rabbitmq belongs root, rabbitmq-plugins can write only if run as root, but then it issues error message because ownership trouble with rabbitmq daemon, which expects things to be rabbitmq.
It is definitely a poor and insecure idea to give an /etc directory
ownership to a daemon and use it to store state information.
/etc/rabbitmq/enabled_plugins definitely belongs to /var/lib/rabbitmq,
and as far as I know, this is what linux design guides say.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: rabbitmq-server 3.6.10-1
ProcVersionSignature: Ubuntu 4.15.0-58.64-generic 4.15.18
Uname: Linux 4.15.0-58-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: amd64
CurrentDesktop: LXDE
Date: Tue Sep 3 12:17:42 2019
InstallationDate: Installed on 2018-04-30 (491 days ago)
InstallationMedia: Lubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
PackageArchitecture: all
SourcePackage: rabbitmq-server
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.default.rabbitmq-server: [modified]
mtime.conffile..etc.default.rabbitmq-server: 2019-09-02T17:17:09.167373
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rabbitmq-server/+bug/1842408/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list