[Bug 1842408] Re: rabbitmq-server writes to /etc/rabbitmq

Bryce Harrington 1842408 at bugs.launchpad.net
Wed Sep 4 18:55:21 UTC 2019 

Confirmed that with /etc/rabbit owned by rabbitmq:rabbitmq, rabbitmq-
plugins is able to enable/disable plugins when run as user rabbitmq:

# chsh rabbitmq /bin/bash
# chown -R rabbitmq:rabbitmq /etc/rabbitmq/
# su rabbitmq
rabbitmq at review-eoan:/var/log$ rabbitmq-plugins enable --all
The following plugins have been configured:
  rabbitmq_amqp1_0
  rabbitmq_auth_backend_cache
  ..
rabbitmq at review-eoan:/var/log$ rabbitmq-plugins disable --all
All plugins have been disabled.
Applying plugin configuration to rabbit at review-eoan...
The following plugins have been disabled:
  rabbitmq_recent_history_exchange
  rabbitmq_management_agent
  ..

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to rabbitmq-server in Ubuntu.
https://bugs.launchpad.net/bugs/1842408

Title:
  rabbitmq-server writes to /etc/rabbitmq

Status in rabbitmq-server package in Ubuntu:
  New

Bug description:
  Hi, 
  I just ran into a design problem of the ubuntu/debian installation of rabbitmq-server.

  I tried to configure rabbitmq with puppet, it didn't work, and I
  debugged it.

  Problem: the puppet plugin changes ownership of /etc/rabbitmq to root,
  while the ubuntu/debian package requires it to be rabbitmq.rabbitmq,
  because the tool rabbitmq-plugins needs to write to
  /etc/rabbitmq/enabled_plugins and create
  /etc/rabbitmq/enabled_plugins.tmp

  
  So if the /etc/rabbitmq belongs root, rabbitmq-plugins can write only if run as root, but then it issues error message because ownership trouble with rabbitmq daemon, which expects things to be rabbitmq. 


  It is definitely a poor and insecure idea to give an /etc directory
  ownership to a daemon and use it to store state information.
  /etc/rabbitmq/enabled_plugins definitely belongs to /var/lib/rabbitmq,
  and as far as I know, this is what linux design guides say.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: rabbitmq-server 3.6.10-1
  ProcVersionSignature: Ubuntu 4.15.0-58.64-generic 4.15.18
  Uname: Linux 4.15.0-58-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
  ApportVersion: 2.20.9-0ubuntu7.7
  Architecture: amd64
  CurrentDesktop: LXDE
  Date: Tue Sep  3 12:17:42 2019
  InstallationDate: Installed on 2018-04-30 (491 days ago)
  InstallationMedia: Lubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
  PackageArchitecture: all
  SourcePackage: rabbitmq-server
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.default.rabbitmq-server: [modified]
  mtime.conffile..etc.default.rabbitmq-server: 2019-09-02T17:17:09.167373

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rabbitmq-server/+bug/1842408/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list