-
Incident report
-
Resolution: Won't fix
-
Minor
-
None
-
3.4.14
-
None
-
Red Hat Enterprise Linux Server release 7.5 (Maipo)
Steps to reproduce:
1. Prior to update have zabbix-agent-3.4.12-1.el7.x86_64 installed, can see in the rpm verify settings tmpfiles.d/zabbix-agent.conf is not tagged as a config file
$ rpm -V zabbix-agent S.5....T. c /etc/logrotate.d/zabbix-agent S.5....T. c /etc/zabbix/zabbix_agentd.conf ..5....T. /usr/lib/tmpfiles.d/zabbix-agent.conf .....UG.. /var/log/zabbix .M....... /var/run/zabbix
Contents of the tmpfiles.d/zabbix-agent.conf file has settings for /var/run/ to be 777 so service account can write to it after reboot.
$ cat /usr/lib/tmpfiles.d/zabbix-agent.conf d /run/zabbix 0777 zabbix zabbix - -
2. run "yum update zabbix-agent"
Result:
Contents of the tmpfiles.d/zabbix-agent.conf get set back to default.
$ cat /usr/lib/tmpfiles.d/zabbix-agent.conf d /run/zabbix 0755 zabbix zabbix - -
and permissions on /var/run/zabbix changed to 0755
$ ls -ld /var/run/zabbix drwxr-xr-x. 2 zabbix zabbix 40 Oct 12 18:11 /var/run/zabbix
so the service account being used can not write to /var/run/zabbix and agent fails to start.
Expected:
The yum update of zabbix-agent would not overwrite the contents of /usr/lib/tmpfiles.d/zabbix-agent.conf.
We need this as company policy won't allow us to use the default zabbix user, and after a yum update the service account can no longer start zabbix, without updating the tmpfiles.d config and permissions on /var/run/zabbix.
Thanks