[Bug 1874915] Re: krb5kdc[27833]: Couldn't open log file /var/log/krb5kdc.log: Read-only file system

Sam Hartman hartmans at debian.org
Sat Apr 25 19:05:24 UTC 2020 

I'm going to push back on the reassignment to krb5.
I think this is a freeipa bug.
Kerberos's systemd service unit is correct for Kerberos.
freeipa is the one that is deciding it wants to change the Kerberos
logging configuration, and thus is the one that should adjust the
permissions.
Honestly I'd rather see this fixed by freeipa not messing around with
Kerberos configs so much, but especially not logging config.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1874915

Title:
  krb5kdc[27833]: Couldn't open log file /var/log/krb5kdc.log: Read-only
  file system

Status in krb5 package in Ubuntu:
  New

Bug description:
  Hopefully this can trivially be corrected.

  Seems the systemd service file for the kerberos portion of freeipa
  could use a minor tweak.

  When restarting the kerberos service, it (incorrectly) reports that
  the default configured log file (/var/log/krb5kdc.log) is sending to a
  "read only filesystem".  This is a misleading error, since the
  /var/log directory by default -IS- writeable, but systemd is in fact
  preventing the daemon from writing.  Why systemd can't inject itself
  inappropriately and report that it's causing the trouble is another
  conversation. ;) [not personally a systemd fan]

  
  File:
  =====
  /lib/systemd/system/krb5-kdc.service

  Command:
  =====
  service krb5-kdc restart

  Error:
  =====
  krb5kdc[27833]: Couldn't open log file /var/log/krb5kdc.log: Read-only file system

  
  Please make the following adjustment to the default systemd file.
  =====
  13c13
  < ReadWriteDirectories=-/var/tmp /tmp /var/lib/krb5kdc -/var/run /run
  ---
  > ReadWriteDirectories=-/var/tmp /tmp /var/lib/krb5kdc -/var/run /run /var/log


  Thank you for all the help and support.  :)

  Cheers,
  -Chris

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1874915/+subscriptions

More information about the foundations-bugs mailing list