It occours also after a restart of isc-dhcp-server.
The only quick solution for me was to add a "chown .." in the /etc/init.d/isc-dhcp-server startscript (at the end of the start/stop/restart sections, i.e. to prevent overwrites during process starts
restart | force-reload)
test_config
$0 stop
sleep 2
$0 start
if [ "$?" != "0" ]; then
exit 1
fi
chown dhcpd /var/lib/dhcp/*
;;
additional I changed "chown root:root" to "chown dhcpd:dhcpd" in the file: /etc/init/isc-dhcp-server.conf
# Allow dhcp server to write lease and pid file as 'dhcpd' user
mkdir -p /var/run/dhcp-server
chown dhcpd:dhcpd /var/run/dhcp-server
# The leases files need to be root:root even when dropping privileges
[ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases
#chown root:root /var/lib/dhcp /var/lib/dhcp/dhcpd.leases
chown dhcpd:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases
if [ -e /var/lib/dhcp/dhcpd.leases~ ]; then
#chown root:root /var/lib/dhcp/dhcpd.leases~
chown dhcpd:dhcpd /var/lib/dhcp/dhcpd.leases~
fi
The properties of the affected Ubuntu system (dhclient is disabled)
# dpkg -l |grep isc-dhcp-server
ii isc-dhcp-server 4.2.4-7ubuntu12.1 amd64 ISC DHCP server for automatic IP address assignment
# uname -a
Linux gandalf 3.13.0-49-generic #83-Ubuntu SMP Fri Apr 10 20:11:33 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
This bug is imho not fixed for my Ubuntu 14.04.2 LTS Server with this current "fixed" version of isc-dhcp-server 4.2.4-7ubuntu12.1.
I assume the lease file can't be rotated because its owned by root.
# ls -la /var/lib/dhcp
total 24
5374571 drwxr-xr-x 2 root root 4096 Apr 19 14:54 .
5374092 drwxr-xr-x 92 root root 4096 Apr 4 17:31 ..
5374293 -rw-r--r-- 1 root root 6319 Apr 19 14:54 dhcpd.leases
5379328 -rw-r--r-- 1 root root 6319 Apr 19 14:53 dhcpd.leases~
It occours also after a restart of isc-dhcp-server. d/isc-dhcp- server startscript (at the end of the start/stop/restart sections, i.e. to prevent overwrites during process starts
The only quick solution for me was to add a "chown .." in the /etc/init.
restart | force-reload)
test_config
$0 stop
sleep 2
$0 start
if [ "$?" != "0" ]; then
exit 1
fi
chown dhcpd /var/lib/dhcp/*
;;
additional I changed "chown root:root" to "chown dhcpd:dhcpd" in the file: /etc/init/ isc-dhcp- server. conf
# Allow dhcp server to write lease and pid file as 'dhcpd' user dhcp-server dhcp-server
mkdir -p /var/run/
chown dhcpd:dhcpd /var/run/
# The leases files need to be root:root even when dropping privileges dhcp/dhcpd. leases ] || touch /var/lib/ dhcp/dhcpd. leases dhcp/dhcpd. leases dhcp/dhcpd. leases dhcp/dhcpd. leases~ ]; then dhcp/dhcpd. leases~ dhcp/dhcpd. leases~
[ -e /var/lib/
#chown root:root /var/lib/dhcp /var/lib/
chown dhcpd:dhcpd /var/lib/dhcp /var/lib/
if [ -e /var/lib/
#chown root:root /var/lib/
chown dhcpd:dhcpd /var/lib/
fi
The properties of the affected Ubuntu system (dhclient is disabled)
# dpkg -l |grep isc-dhcp-server
ii isc-dhcp-server 4.2.4-7ubuntu12.1 amd64 ISC DHCP server for automatic IP address assignment
# uname -a
Linux gandalf 3.13.0-49-generic #83-Ubuntu SMP Fri Apr 10 20:11:33 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/issue
Ubuntu 14.04.2 LTS \n \l
Apparmor config looks like
# grep leases /etc/apparmor. d/usr.sbin. dhcpd lib/dhcp/ dhcpd{, 6}.leases* lrw, dhcpd{, 6}.leases* lrw, }run/eucalyptus /net/*. leases* lrw,
/var/
/etc/
/{,var/
# tail -f syslog dhcp/dhcpd. leases to /var/lib/ dhcp/dhcpd. leases~ : Operation not permitted 10.in-addr. arpa. to lab-01.lab.foo.bar. 6.150:174) : op=linkat ppid=1 pid=2240 auid=4294967295 uid=121 gid=130 euid=121 suid=121 fsuid=121 egid=130 sgid=130 fsgid=130 tty=(none) ses=4294967295 comm="dhcpd" exe="/usr/ sbin/dhcpd" res=0 6.150:175) : item=0 name="/ var/lib/ dhcp/dhcpd. leases" inode=5375035 dev=08:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
Apr 19 16:51:06 gandalf dhcpd: Wrote 24 leases to leases file.
Apr 19 16:51:06 gandalf dhcpd: Can't backup lease database /var/lib/
Apr 19 16:51:06 gandalf dhcpd: Added reverse map from 10.2.10.
Apr 19 16:51:06 gandalf kernel: [14157.954888] audit_printk_skb: 57 callbacks suppressed
Apr 19 16:51:06 gandalf kernel: [14157.954892] type=1702 audit(142945506
Apr 19 16:51:06 gandalf kernel: [14157.954899] type=1302 audit(142945506
# tail -f /var/log/kern.log 6.150:174) : op=linkat ppid=1 pid=2240 auid=4294967295 uid=121 gid=130 euid=121 suid=121 fsuid=121 egid=130 sgid=130 fsgid=130 tty=(none) ses=4294967295 comm="dhcpd" exe="/usr/ sbin/dhcpd" res=0 6.150:175) : item=0 name="/ var/lib/ dhcp/dhcpd. leases" inode=5375035 dev=08:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
Apr 19 16:51:06 gandalf kernel: [14157.954892] type=1702 audit(142945506
Apr 19 16:51:06 gandalf kernel: [14157.954899] type=1302 audit(142945506