[Debian-ha-maintainers] crmsh: HA_GROUP permission regression after upgrading bullseye to bookworm
Florent Carli
fcarli at gmail.com
Tue Jul 4 08:26:30 BST 2023
Hello,
I encounter a regression with crmsh on debian12. On debian 11, I used
to be able to issue crm commands with a standard user as long as it
was a member of haclient group.
On debian 12, this same user cannot use crm because of some chown that
it's not allowed to do:
virtu at virtu-elabo1:~$ id
uid=1000(virtu) gid=1000(virtu) groups=1000(virtu),110(haclient),118(libvirt)
virtu at virtu-elabo1:~$ crm status
Traceback (most recent call last):
File "/usr/sbin/crm", line 31, in <module>
log.setup_logging()
File "/usr/lib/python3/dist-packages/crmsh/log.py", line 445, in setup_logging
shutil.chown(CRMSH_LOG_FILE, constants.HA_USER, constants.HA_GROUP)
File "/usr/lib/python3.11/shutil.py", line 1385, in chown
os.chown(path, _user, _group)
PermissionError: [Errno 1] Operation not permitted: '/var/log/crmsh/crmsh.log'
Is this by design or is it a bug?
Thanks.
Florent.
More information about the Debian-ha-maintainers
mailing list