Dear maintainer and Mike Gabriel, > Package: src:krb5 > Severity: important > Version: 1.17-3 > User: debian-...@lists.debian.org > Usertags: debian-edu > X-Debbugs-Cc: debian-...@lists.debian.org > > Hi Sam et al, > > When restarting krb5-kdc or krb5-admin-server on a fresh Debian Edu > buster main server, I see the following logs lines in syslog: > > Jul 3 11:08:16 tjener krb5kdc[22684]: Couldn't open log file > /var/log/kdc.log: Das Dateisystem ist nur lesbar > [...] > Jul 3 11:10:06 tjener kadmind[23272]: Couldn't open log file > /var/log/krb5.log: Das Dateisystem ist nur lesbar > > (Translation: Das Dateisystem ist nur lesbar: The file system is read-only)
How about add /run/log for a final resort? /run/log can be used "always writable" log area, though it is volatile. $ man file-hierarchy # and find "/run/log" > As expected by the error message, not log output gets produced. > > The following two systemd service file patches fix the issue > (appending /var/log to ReadWriteDirectories= key): > > ``` > root@tjener:~/fixes-buster# diff -u krb5-admin-server.service.orig > krb5-admin-server.service > --- krb5-admin-server.service.orig 2019-07-03 11:26:51.607417138 +0200 > +++ krb5-admin-server.service 2019-07-03 11:25:37.843418670 +0200 > @@ -8,7 +8,7 @@ > EnvironmentFile=-/etc/default/krb5-admin-server > InaccessibleDirectories=-/etc/ssh -/etc/ssl/private /root > ReadOnlyDirectories=/ > -ReadWriteDirectories=-/var/tmp /tmp /var/lib/krb5kdc -/var/run /run > +ReadWriteDirectories=-/var/tmp /tmp /var/lib/krb5kdc -/var/run /run /var/log say, ReadWriteDirectories=-/var/tmp /tmp /var/lib/krb5kdc -/var/run /run /var/log /run/log This would make the system can log the issue even on "/var mount point hardware failure". # BTW I'm not familiar with Kerberos; just a comment. Regards,