Puppet: System Administration Automated

Support

Ticket #1196 (closed defect: fixed)

Opened 8 months ago

Last modified 7 months ago

Service commands should use /sbin/service on Red Hat-based systems, not /etc/init.d/foo

Reported by: init Assigned to: luke
Priority: normal Milestone:
Component: Red Hat Version: 0.24.4
Severity: normal Keywords:
Cc: Triage Stage: Needs design decision
Attached Patches: None Complexity: Unknown

Description

When system services like httpd and sshd are stopped, started, etc, on a Red Hat-based system (RHEL, CentOS, Fedora, etc), the /etc/init.d/foo script should not be accessed directly. The proper way is to use the /sbin/service command, since it e.g. ensures that the /etc/init.d/foo script, and thus the service, is run in the proper SELinux context. This does not happen if the /etc/init.d/foo script is executed directly by puppet.

In other words, replace service management commands like this:

  • /etc/init.d/foo start => /sbin/service foo start
  • /etc/init.d/foo stop => /sbin/service foo stop
  • /etc/init.d/foo restart => /sbin/service foo restart
  • /etc/init.d/foo status => /sbin/service foo status

Change History

04/20/08 16:50:57 changed by jamtur01

  • owner changed from community to jamtur01.
  • stage changed from Unreviewed to Accepted.

04/24/08 07:26:34 changed by luke

  • component changed from client to Red Hat.

04/24/08 15:26:55 changed by jamtur01

  • owner changed from jamtur01 to luke.
  • stage changed from Accepted to Needs design decision.

I've committed this in [b2a3db94c7226c7660277c746254f47ab40cde7b] in branch 0.24.x with some doco fixes. Luke - the only part I can't work out is /sbin/service servicename status. It just doesn't seem to work. Not sure if this matters all that much as it'll default back to /etc/init.d/servicename status if status is enabled.

05/12/08 23:44:53 changed by luke

  • status changed from new to closed.
  • resolution set to fixed.

Pushed a while ago.