Bug 1218137

Summary: [Build 45.1] [xen pv] /dev/hvc0 has permission 0600 after installation and caused non root user access denied
Product: [openSUSE] PUBLIC SUSE Linux Enterprise Server 15 SP6 Reporter: Richard Fan <richard.fan>
Component: systemdAssignee: systemd maintainers <systemd-maintainers>
Status: VERIFIED FIXED QA Contact:
Severity: Normal    
Priority: P1 - Urgent CC: fbui, rtsvetkov
Version: unspecified   
Target Milestone: ---   
Hardware: x86-64   
OS: Other   
URL: https://openqa.suse.de/tests/13085653/modules/sshd/steps/39
Whiteboard:
Found By: openQA Services Priority:
Business Priority: Blocker: Yes
Marketing QA Status: --- IT Deployment: ---
Attachments: xml of vm

Description Richard Fan 2023-12-18 05:55:07 UTC 
Description:

The issue is seen from build 41.1, seems something changed for default permission for /dev/hvc0. so far I can only see this issue on xen PV vm.

After system installation, I can see below file permission for /dev/hvc0:

# ll /dev/hvc0
crw------- 1 root tty 229, 0 Dec 17 23:46 /dev/hvc0

Then non root user [in openQA test, we use user [sshboy] to access /dev/hvc0] can not access /dev/hvc0. even we have add the user to GROUP.

"usermod -aG root sshboy"

However, with beta1 [39.1/40.1] build. I can see the file has permission 0640:
# ll /dev/hvc0
crw--w---- 1 root tty 229, 0 Dec 17 23:47 /dev/hvc0


One more interesting thing is that, on build 45.1, the permission will change to 0640 after I restart the service: [or shutdown the vm and start it again. reboot VM will not change the permission from my test]

# systemctl restart serial-getty@hvc0.service 
# ll /dev/hvc0
crw--w---- 1 root tty 229, 0 Dec 17 23:47 /dev/hvc0

# systemctl is-enabled serial-getty@hvc0.service 
enabled-runtime
**********************************************************

openQA result as below:
## Observation

openQA test in scenario sle-15-SP6-Online-x86_64-extra_tests_textmode@svirt-xen-pv fails in
[sshd](https://openqa.suse.de/tests/13085653/modules/sshd/steps/39)

## Test suite description
Maintainer: QE Core, asmorodskyi,dheidler. Mainly console extratest 


## Reproducible

Fails since (at least) Build [39.1](https://openqa.suse.de/tests/12838045)


## Expected result

Last good: (unknown) (or more recent)


## Further details

Always latest result in this scenario: [latest](https://openqa.suse.de/tests/latest?arch=x86_64&distri=sle&flavor=Online&machine=svirt-xen-pv&test=extra_tests_textmode&version=15-SP6)
Comment 1 Richard Fan 2023-12-18 05:59:32 UTC 
Add some more information:

Please see attached file for xml of the vm. and Please let me know if you need to access into my setup.
Comment 2 Richard Fan 2023-12-18 06:01:15 UTC 
Created attachment 871407 [details]
xml of vm
Comment 3 Franck Bui 2023-12-20 07:25:51 UTC 
Thanks to Richard who providing me access to the affected system, I could identify the regression: it appears that the permissions for /dev/hvc0 was set up by agetty(8). However due to a change in serial-getty@.service (commit b4bf9007cbe) that passes the tty to agetty via stdin, agetty no more set the permissions up.

Therefore udev needs to init the permissions of /dev/hvc* itself now.

Fix submitted to usptream: https://github.com/systemd/systemd/pull/30526
Comment 4 Franck Bui 2023-12-22 14:29:00 UTC 
Fix submitted via sr#316279, hence closing.

Thanks again Richard for your help.
Comment 6 OBSbugzilla Bot 2024-01-12 11:35:03 UTC 
This is an autogenerated message for OBS integration:
This bug (1218137) was mentioned in
https://build.opensuse.org/request/show/1138298 Factory / systemd
Comment 8 Richard Fan 2024-02-05 01:26:41 UTC 
The issue is gone in openQA test as well. so close it, thanks much for your kindly help!
Comment 9 OBSbugzilla Bot 2024-02-27 11:35:03 UTC 
This is an autogenerated message for OBS integration:
This bug (1218137) was mentioned in
https://build.opensuse.org/request/show/1152118 Factory / systemd