kea-dhcp4 changes filesystem access permissions on log directory
name: kea-dhcp4 changes filesystem access permissions on log directory
about: Create a report to help us improve
Describe the bug
Kea-DHCP4 changes the access permissions on the directory for logfiles in the logger statement. It removes "read" and "execute/list" (r-x) permissions for "other"
To Reproduce
- Change the access permissions on the log directory so that all users/processes can read/list the log directory
- Restart Kea-DHCP
- List the access permissions on the log directory. The access permissions for "other" are removed
Expected behavior
Kea-DHCP4 (possible other Kea processes as well) will not touch the access permissions on the log directory
Environment:
-
Kea version: 2.4.1 tarball linked with: log4cplus 1.2.0 OpenSSL 1.1.1k FIPS 25 Mar 2021 database: MySQL backend 19.0, library 10.5.5 PostgreSQL backend 18.0, library 130011 Memfile backend 3.0
-
Red Hat EL 8 x86_64 (ISC Open Source Packages)
Additional Information
Use case: Stork agent cannot read the Kea-DHCP4 logfile in the standard configuration (as delivered in the ISC provided open source RPM packages).
This issue have been found while trying to give the stork-agent access to the Kea-DHCP4 logfile.
Workaround:
Change the group ownership of the logfile to group name "kea", then change the systemd-unit for "isc-stork-agent" to start the stork-agent as group "kea".
[Service]
Group=kea
...
If the removal of the access permissions for "other" is to be expected (no bug), then I recommend to adjust the stork-agent systemd unit to have stork-agent started with permissions that allow access to the Kea log files.