Ticket 1986

Summary: munge wouldn't start if /var/log is group writable
Product: Slurm Reporter: Dr. Christoph Pospiech <pospiech-HD>
Component: OtherAssignee: Jacob Jenson <jacob>
Status: RESOLVED INFOGIVEN QA Contact:
Severity: 6 - No support contract    
Priority: --- CC: brian, da
Version: 14.03.9   
Hardware: Linux   
OS: Linux   
Site: PIK Alineos Sites: ---
Atos/Eviden Sites: --- Confidential Site: ---
Coreweave sites: --- Cray Sites: ---
DS9 clusters: --- HPCnow Sites: ---
HPE Sites: --- IBM Sites: ---
NOAA SIte: --- OCF Sites: ---
Recursion Pharma Sites: --- SFW Sites: ---
SNIC sites: --- Linux Distro: ---
Machine Name: CLE Version:
Version Fixed: Target Release: ---
DevPrio: --- Emory-Cloud Sites: ---

Description Dr. Christoph Pospiech 2015-09-28 22:27:58 MDT 
root@helios:~# /etc/init.d/munge stop
[ ok ] Stopping munge (via systemctl): munge.service.
root@helios:~# chmod g+w /var/log
root@helios:~# /etc/init.d/munge start
[....] Starting munge (via systemctl): munge.serviceJob for munge.service failed. See "systemctl status munge.service" and "journalctl -xe" for details.
 failed!
root@helios:~# journalctl -xe
[...]
Sep 29 12:21:56 helios systemd[1]: Starting MUNGE authentication service...
-- Subject: Unit munge.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit munge.service has begun starting up.
Sep 29 12:21:56 helios munged[14200]: munged: Error: Logfile is insecure: group-writable permissions set on "/var/log"
Sep 29 12:21:56 helios systemd[1]: munge.service: control process exited, code=exited status=1
Sep 29 12:21:56 helios systemd[1]: Failed to start MUNGE authentication service.
[...]
root@helios:~# ls -dl /var/log
drwxrwxr-x 20 root syslog 4096 Sep 29 09:34 /var/log

The OS will restore write permission for group syslog by its own - which conflicts munged prerequisites.
Comment 1 David Bigagli 2015-09-28 23:28:38 MDT 
Logged by PIK while I am here. It is a minore issue which should be addressed 
by munge developer.

David
Comment 2 Moe Jette 2015-09-29 02:52:12 MDT 
There is already an open ticket about this on the munge site:
https://github.com/dun/munge/issues/31
Comment 3 Moe Jette 2015-09-29 10:54:31 MDT 
I'm going to close this since it's in the hands of Munge developers now.
Comment 4 Dr. Christoph Pospiech 2015-09-30 00:02:22 MDT 
I can confirm that the recipe provided on https://github.com/dun/munge/issues/31 in deed solves the problem. So this ticket can be closed.