Commit db88985 introduced a regression into {{{ipa-restore}}} by overwriting /etc/passwd and /etc/group files after dirsrv and pki system users are created during restore.
This causes the regression test for 3866 to fail.
Subsequent test for 4157 also fails because /var/run/dirsrv ownership gets messed up.
Inspecting the directory reveals
[root@vm-218 ~]# ls -ldZ /var/run/dirsrv/ drwxrwx---. 2 988 985 unconfined_u:object_r:dirsrv_var_run_t:s0 60 Sep 25 15:32 /var/run/dirsrv/
while in {{{/etc/passwd}}} we have
dirsrv:x:989:986:DS System User:/var/lib/dirsrv:/sbin/nologin
This is the corresponding excerpt from systemd journal.
-- Unit dirsrv@IPADOM-ORG.service has begun starting up. Sep 25 15:34:09 vm-218.ipadom.org ns-slapd[9495]: [25/Sep/2015:15:34:09 +0200] - Unable to access nsslapd-rundir: Permission denied Sep 25 15:34:09 vm-218.ipadom.org ns-slapd[9495]: [25/Sep/2015:15:34:09 +0200] - Ensure that user "dirsrv" has read and write permissions on /var/run/dirsrv Sep 25 15:34:09 vm-218.ipadom.org ns-slapd[9495]: [25/Sep/2015:15:34:09 +0200] - Shutting down. Sep 25 15:34:09 vm-218.ipadom.org systemd[1]: dirsrv@IPADOM-ORG.service: control process exited, code=exited status=1 Sep 25 15:34:09 vm-218.ipadom.org systemd[1]: Failed to start 389 Directory Server IPADOM-ORG.. -- Subject: Unit dirsrv@IPADOM-ORG.service has failed
master:
ipa-4-2:
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1269777
Metadata Update from @mbabinsk: - Issue assigned to mbabinsk - Issue set to the milestone: FreeIPA 4.2.2
Login to comment on this ticket.