freeipa team mailing list archive

[Lucas Kanashiro <1874915@xxxxxxxxxxxxxxxxxx>]

I agree with Sam and Andreas, we should not change the krb5kdc systemd
unit file because of freeipa. I am assigning this bug back to freeipa.

** Package changed: krb5 (Ubuntu) => freeipa (Ubuntu)

** Changed in: freeipa (Ubuntu)
       Status: New => Triaged

** Changed in: freeipa (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1874915

Title:
  krb5kdc[27833]: Couldn't open log file /var/log/krb5kdc.log: Read-only
  file system

Status in freeipa package in Ubuntu:
  Triaged

Bug description:
  Hopefully this can trivially be corrected.

  Seems the systemd service file for the kerberos portion of freeipa
  could use a minor tweak.

  When restarting the kerberos service, it (incorrectly) reports that
  the default configured log file (/var/log/krb5kdc.log) is sending to a
  "read only filesystem".  This is a misleading error, since the
  /var/log directory by default -IS- writeable, but systemd is in fact
  preventing the daemon from writing.  Why systemd can't inject itself
  inappropriately and report that it's causing the trouble is another
  conversation. ;) [not personally a systemd fan]

  
  File:
  =====
  /lib/systemd/system/krb5-kdc.service

  Command:
  =====
  service krb5-kdc restart

  Error:
  =====
  krb5kdc[27833]: Couldn't open log file /var/log/krb5kdc.log: Read-only file system

  
  Please make the following adjustment to the default systemd file.
  =====
  13c13
  < ReadWriteDirectories=-/var/tmp /tmp /var/lib/krb5kdc -/var/run /run
  ---
  > ReadWriteDirectories=-/var/tmp /tmp /var/lib/krb5kdc -/var/run /run /var/log


  Thank you for all the help and support.  :)

  Cheers,
  -Chris

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1874915/+subscriptions