Bug 1215179

Summary: /run/lock no longer belongs to the "lock" group; it is now in "root"
Product: [openSUSE] openSUSE Tumbleweed Reporter: David Walker <David>
Component: BasesystemAssignee: E-mail List <screening-team-bugs>
Status: RESOLVED WONTFIX QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: chcao, filatovalex91
Version: Current   
Target Milestone: ---   
Hardware: aarch64   
OS: openSUSE Tumbleweed   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description David Walker 2023-09-10 07:04:51 UTC 
Sometime in the past few weeks, the ownership of /var/lock in Tumbleweed changed from root:lock to root:root, breaking OpenHAB3's ability to create lock files within that directory, unless it's given membership in the root group by adding "SupplementaryGroups=root" in its systemd .service configuration (which isn't the best security strategy).

This problem is very similar to bug #552095, which was reported nearly 14 years ago and later resolved, although in a way that doesn't apply to my use case.

What this change deliberate? If not, could it be reversed? If it can't be reversed, suggestions for a workaround would be appreciated.
Comment 1 Thorsten Kukuk 2023-09-11 09:41:45 UTC 
(In reply to David Walker from comment #0)

> What this change deliberate? 

Yes, this was necessary to fix a huge amount of problems and race conditions.

> If not, could it be reversed?

Not without introducing a huge amount of problems affecting everybody with every installation.

> If it can't be reversed, suggestions for a workaround would be appreciated.

Same as for any other package, create your own sub-directory with the permissions you need?
Comment 2 David Walker 2023-09-13 18:05:31 UTC 
Thanks, Thorsten. I'll find another way.
Comment 3 Chenzi Cao 2023-10-08 13:29:42 UTC 
Based on the comments above, I mark this bug report as WONTFIX, if I get wrong, please feel free to reopen it, thanks.
Comment 4 Alexander Kulemin 2023-11-30 15:51:13 UTC 
Another inconvenience introduced: minicom can't create lock file in /run/lock without root permissions.