Bug 43446 - Changes should be logged in 'config-registry.replog' by showing the invoker
Changes should be logged in 'config-registry.replog' by showing the invoker
Status: REOPENED
Product: UCS
Classification: Unclassified
Component: UCR
UCS 4.4
Other Linux
: P5 normal with 2 votes (vote)
: ---
Assigned To: UCS maintainers
UCS maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-01-30 15:14 CET by Nico Stöckigt
Modified: 2020-06-12 12:21 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2017021021000308
Bug group (optional): Troubleshooting
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Nico Stöckigt univentionstaff 2017-01-30 15:14:23 CET
In some cases it might help a lot when knowing not only what or when something in the UCR has changes but also what caused the change. Sometimes changes were made by manual editing a variable but sometimes it's done by a script, exactly in this cases it will help to know.
Comment 1 Christina Scheinig univentionstaff 2017-02-13 14:42:44 CET
It happens now in a paedML Environment, and this feature would have helped here much, because samba4/autostart was set to "manually" and after reboot samba was not started. Now it would be nice to know, if it was a daemon or an administrator, who changed the value.

Or can i look it up an other way?
Comment 2 Stefan Gohmann univentionstaff 2019-01-03 07:23:06 CET
This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018.

Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.
Comment 3 Nico Stöckigt univentionstaff 2019-01-07 10:52:08 CET
This tiny feature would still be very helpful in several support situations so I reopened it against UCS 4.4.
Comment 4 Philipp Hahn univentionstaff 2020-06-12 12:12:08 CEST
It is always USER=root as only that user can change things locally.
ucr might get invoked by
- directly by an interactive user from a $SHELL
- indirectly by a script invoked from the command line
- remotely via ssh
- from a Debian package maintainer script
- UMC
- by some background daemon, e.g. cron → ucr cron entry → script → ucr set
- …
The call chains can be very long, so what is considered the "what" here?
(walk the process chain upward until you reach PID 1 and print all process names)
Comment 5 Nico Stöckigt univentionstaff 2020-06-12 12:21:03 CEST
Looking at this from a users perspective one wants to determine if the change was triggered automatically or manually. By that means the "What?" is either the script's name, that changed the value, or 'manually'.
From the perspective of security monitoring one surely wants to know who changed the value. This seems to be easy to find out as long as the umc is used to trigger that change.

So in an ideal scenario the config-replog shows either the script or the username of the Issuer.