rabbitmq-server writes to /etc/rabbitmq
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
rabbitmq-server (Ubuntu) |
Triaged
|
Low
|
Unassigned |
Bug Description
Hi,
I just ran into a design problem of the ubuntu/debian installation of rabbitmq-server.
I tried to configure rabbitmq with puppet, it didn't work, and I debugged it.
Problem: the puppet plugin changes ownership of /etc/rabbitmq to root, while the ubuntu/debian package requires it to be rabbitmq.rabbitmq, because the tool rabbitmq-plugins needs to write to /etc/rabbitmq/
So if the /etc/rabbitmq belongs root, rabbitmq-plugins can write only if run as root, but then it issues error message because ownership trouble with rabbitmq daemon, which expects things to be rabbitmq.
It is definitely a poor and insecure idea to give an /etc directory ownership to a daemon and use it to store state information. /etc/rabbitmq/
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: rabbitmq-server 3.6.10-1
ProcVersionSign
Uname: Linux 4.15.0-58-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.9-0ubuntu7.7
Architecture: amd64
CurrentDesktop: LXDE
Date: Tue Sep 3 12:17:42 2019
InstallationDate: Installed on 2018-04-30 (491 days ago)
InstallationMedia: Lubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
PackageArchitec
SourcePackage: rabbitmq-server
UpgradeStatus: No upgrade log present (probably fresh install)
modified.
mtime.conffile.
Changed in rabbitmq-server (Ubuntu): | |
status: | Expired → New |
Confirmed installation of rabbitmq changes ownership permission of /etc/rabbitmq:
root@review-eoan:~# apt-cache policy rabbitmq-server archive. ubuntu. com/ubuntu eoan/main amd64 Packages rabbitmq' . system/ multi-user. target. wants/rabbitmq- server. service → /lib/systemd/ system/ rabbitmq- server. service.
rabbitmq-server:
Installed: (none)
Candidate: 3.7.8-4ubuntu2
Version table:
3.7.8-4ubuntu2 500
500 http://
root@review-eoan:~# mkdir /etc/rabbitmq
root@review-eoan:~# ls -lad /etc/rabbitmq/
drwxr-xr-x 2 root root 4096 Sep 4 18:32 /etc/rabbitmq/
root@review-eoan:~# apt-get install rabbitmq-server
...
Adding system user `rabbitmq' (UID 111) ...
Adding new user `rabbitmq' (UID 111) with group `rabbitmq' ...
Not creating home directory `/var/lib/
Created symlink /etc/systemd/
Processing triggers for systemd (240-6ubuntu9) ...
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for libc-bin (2.29-0ubuntu2) ...
root@review-eoan:~# ls -lad /etc/rabbitmq/
drwxr-xr-x 2 rabbitmq rabbitmq 4096 Sep 4 18:33 /etc/rabbitmq/