556436 – sys-process/audit - Configuration file /usr/lib64/systemd/system/auditd.service is marked world-inaccessible after the default systemd installation

Bug 556436 - sys-process/audit - Configuration file /usr/lib64/systemd/system/auditd.service is marked world-inaccessible after the default systemd installation

Summary: sys-process/audit - Configuration file /usr/lib64/systemd/system/auditd.servi...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Robin Johnson

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-08-01 08:08 UTC by Paul Osmialowski
Modified:	2015-08-18 04:30 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Paul Osmialowski 2015-08-01 08:08:52 UTC

Configuration file /usr/lib64/systemd/system/auditd.service is marked world-inaccessible after the default systemd installation.

This leads to following log entry:

Aug  1 09:58:11 localhost systemd: Configuration file /usr/lib64/systemd/system/auditd.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.


Reproducible: Always

Steps to Reproduce:
1. emerge systemd
2. reboot
3. read logs

Comment 1 Jason Zaman gentoo-dev

2015-08-01 08:49:40 UTC

What are the permissions? and what should they be instead?
what does this say:
ls -al /usr/lib64/systemd/system/auditd.service

Should it just be 755? or 644?

Comment 2 Paul Osmialowski 2015-08-01 09:15:36 UTC

$ ls -al /usr/lib64/systemd/system/auditd.service
-rw-r----- 1 root root 285 06-06 14:02 /usr/lib64/systemd/system/auditd.service

Comment 3 Jason Zaman gentoo-dev

2015-08-02 17:26:30 UTC

@systemd: do I just do this?

chmod 644 "$(systemd_get_unitdir)"/auditd.service || die

Comment 4 Jason Zaman gentoo-dev

2015-08-18 04:30:37 UTC

commit 7b1821119f093af1396b20cfd26c24188d5936f1
Author: Jason Zaman <perfinion@gentoo.org>
Date:   Tue Aug 18 12:27:33 2015 +0800

    sys-process/audit: Remove lock from init script
    
    The lock in the init script was only needed in Redhat. OpenRC keeps track of if
    the process is started so not required.  Also fix perms on the systemd unit.
    
    Gentoo-Bug: https://bugs.gentoo.org/556436
    Gentoo-Bug: https://bugs.gentoo.org/449990
    
    Package-Manager: portage-2.2.20.1