Ubuntu
isc-dhcp package

Bug #1417658
Comment #15

Comment 15 for bug 1417658

Revision history for this message

Rob Traders (rob-traderspit) wrote on 2015-04-19:

#15

This bug is imho not fixed for my Ubuntu 14.04.2 LTS Server with this current "fixed" version of isc-dhcp-server 4.2.4-7ubuntu12.1.

I assume the lease file can't be rotated because its owned by root.

# ls -la /var/lib/dhcp
total 24
5374571 drwxr-xr-x 2 root root 4096 Apr 19 14:54 .
5374092 drwxr-xr-x 92 root root 4096 Apr 4 17:31 ..
5374293 -rw-r--r-- 1 root root 6319 Apr 19 14:54 dhcpd.leases
5379328 -rw-r--r-- 1 root root 6319 Apr 19 14:53 dhcpd.leases~

It occours also after a restart of isc-dhcp-server.
The only quick solution for me was to add a "chown .." in the /etc/init.d/isc-dhcp-server startscript (at the end of the start/stop/restart sections, i.e. to prevent overwrites during process starts

restart | force-reload)
  test_config
  $0 stop
  sleep 2
  $0 start
  if [ "$?" != "0" ]; then
   exit 1
  fi
  chown dhcpd /var/lib/dhcp/*
  ;;

additional I changed "chown root:root" to "chown dhcpd:dhcpd" in the file: /etc/init/isc-dhcp-server.conf

    # Allow dhcp server to write lease and pid file as 'dhcpd' user
    mkdir -p /var/run/dhcp-server
    chown dhcpd:dhcpd /var/run/dhcp-server

    # The leases files need to be root:root even when dropping privileges
    [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases
#chown root:root /var/lib/dhcp /var/lib/dhcp/dhcpd.leases
     chown dhcpd:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases
    if [ -e /var/lib/dhcp/dhcpd.leases~ ]; then
        #chown root:root /var/lib/dhcp/dhcpd.leases~
        chown dhcpd:dhcpd /var/lib/dhcp/dhcpd.leases~
    fi

The properties of the affected Ubuntu system (dhclient is disabled)

# dpkg -l |grep isc-dhcp-server
ii isc-dhcp-server 4.2.4-7ubuntu12.1 amd64 ISC DHCP server for automatic IP address assignment

# uname -a
Linux gandalf 3.13.0-49-generic #83-Ubuntu SMP Fri Apr 10 20:11:33 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

# cat /etc/issue
Ubuntu 14.04.2 LTS \n \l

Apparmor config looks like

# grep leases /etc/apparmor.d/usr.sbin.dhcpd
  /var/lib/dhcp/dhcpd{,6}.leases* lrw,
  /etc/dhcpd{,6}.leases* lrw,
  /{,var/}run/eucalyptus/net/*.leases* lrw,

# tail -f syslog
Apr 19 16:51:06 gandalf dhcpd: Wrote 24 leases to leases file.
Apr 19 16:51:06 gandalf dhcpd: Can't backup lease database /var/lib/dhcp/dhcpd.leases to /var/lib/dhcp/dhcpd.leases~: Operation not permitted
Apr 19 16:51:06 gandalf dhcpd: Added reverse map from 10.2.10.10.in-addr.arpa. to lab-01.lab.foo.bar.
Apr 19 16:51:06 gandalf kernel: [14157.954888] audit_printk_skb: 57 callbacks suppressed
Apr 19 16:51:06 gandalf kernel: [14157.954892] type=1702 audit(1429455066.150:174): op=linkat ppid=1 pid=2240 auid=4294967295 uid=121 gid=130 euid=121 suid=121 fsuid=121 egid=130 sgid=130 fsgid=130 tty=(none) ses=4294967295 comm="dhcpd" exe="/usr/sbin/dhcpd" res=0
Apr 19 16:51:06 gandalf kernel: [14157.954899] type=1302 audit(1429455066.150:175): item=0 name="/var/lib/dhcp/dhcpd.leases" inode=5375035 dev=08:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL

# tail -f /var/log/kern.log
Apr 19 16:51:06 gandalf kernel: [14157.954892] type=1702 audit(1429455066.150:174): op=linkat ppid=1 pid=2240 auid=4294967295 uid=121 gid=130 euid=121 suid=121 fsuid=121 egid=130 sgid=130 fsgid=130 tty=(none) ses=4294967295 comm="dhcpd" exe="/usr/sbin/dhcpd" res=0
Apr 19 16:51:06 gandalf kernel: [14157.954899] type=1302 audit(1429455066.150:175): item=0 name="/var/lib/dhcp/dhcpd.leases" inode=5375035 dev=08:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL

This bug is imho not fixed for my Ubuntu 14.04.2 LTS Server with this current "fixed" version of isc-dhcp-server 4.2.4-7ubuntu12.1.

I assume the lease file can't be rotated because its owned by root.

# ls -la /var/lib/dhcp
total 24
5374571 drwxr-xr-x  2 root  root  4096 Apr 19 14:54 .
5374092 drwxr-xr-x 92 root  root  4096 Apr  4 17:31 ..
5374293 -rw-r--r--  1 root  root  6319 Apr 19 14:54 dhcpd.leases
5379328 -rw-r--r--  1 root  root  6319 Apr 19 14:53 dhcpd.leases~

It occours also after a restart of isc-dhcp-server. 
The only quick solution for me was to add a "chown .." in the /etc/init.d/isc-dhcp-server startscript (at the end of the start/stop/restart sections,  i.e. to prevent overwrites during  process starts

restart | force-reload)
		test_config
		$0 stop
		sleep 2
		$0 start
		if [ "$?" != "0" ]; then
			exit 1
		fi
		chown dhcpd /var/lib/dhcp/*
		;;

additional I changed "chown root:root" to "chown dhcpd:dhcpd" in the file: /etc/init/isc-dhcp-server.conf

# Allow dhcp server to write lease and pid file as 'dhcpd' user
    mkdir -p /var/run/dhcp-server
    chown dhcpd:dhcpd /var/run/dhcp-server

# The leases files need to be root:root even when dropping privileges
    [ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases
	#chown root:root /var/lib/dhcp /var/lib/dhcp/dhcpd.leases
    	chown dhcpd:dhcpd /var/lib/dhcp /var/lib/dhcp/dhcpd.leases
    if [ -e /var/lib/dhcp/dhcpd.leases~ ]; then
        #chown root:root /var/lib/dhcp/dhcpd.leases~
        chown dhcpd:dhcpd /var/lib/dhcp/dhcpd.leases~
    fi

The properties of the affected Ubuntu system (dhclient is disabled)

# dpkg -l |grep isc-dhcp-server
ii  isc-dhcp-server  4.2.4-7ubuntu12.1  amd64  ISC DHCP server for automatic IP address assignment

# uname -a
Linux gandalf 3.13.0-49-generic #83-Ubuntu SMP Fri Apr 10 20:11:33 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

# cat /etc/issue
Ubuntu 14.04.2 LTS \n \l

Apparmor config looks like

# grep leases /etc/apparmor.d/usr.sbin.dhcpd 
  /var/lib/dhcp/dhcpd{,6}.leases* lrw,
  /etc/dhcpd{,6}.leases* lrw,
  /{,var/}run/eucalyptus/net/*.leases* lrw,

Ubuntuisc-dhcp package

Comment 15 for bug 1417658

Ubuntu
isc-dhcp package