'show acl table' as user guest user gives permission denied error #8501

Closed
sanmalho-git opened this issue Aug 17, 2021 · 4 comments · Fixed by sonic-net/sonic-py-swsssdk#120
@sanmalho-git

Description

Test test_show_acl_table creates a guest user and then issues the command 'show acl table DATAACL'.

This command throws a 'Permission denied' error causing the test to fail.

Steps to reproduce the issue:

  1. Add guest user with password 'guest'
admin@vlab-08:~$ sudo userdel guest
admin@vlab-08:~$ sudo useradd -G sudo -s /bin/bash guest
admin@vlab-08:~$ sudo passwd guest
New password: 
Retype new password: 
passwd: password updated successfully

  2. ssh into the box as 'guest' user with password 'guest'
$ ssh guest@10.250.0.112
guest@10.250.0.112's password: 
Linux vlab-08 4.19.0-12-2-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64
You are on
  ____   ___  _   _ _  ____
 / ___| / _ \| \ | (_)/ ___|
 \___ \| | | |  \| | | |
  ___) | |_| | |\  | | |___
 |____/ \___/|_| \_|_|\____|

-- Software for Open Networking in the Cloud --

Unauthorized access and/or use are prohibited.
All access and/or use are subject to monitoring.

Help:    http://azure.github.io/SONiC/

guest@vlab-08:
  3. Run the command 'show acl table'

Describe the results you received:

Get permission denied error

guest@vlab-08:~$ show acl table
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/dist-packages/redis/connection.py", line 559, in connect
    sock = self._connect()
  File "/usr/local/lib/python3.7/dist-packages/redis/connection.py", line 911, in _connect
    sock.connect(self.path)
PermissionError: [Errno 13] Permission denied

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/acl-loader", line 8, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 1134, in invoke
    Command.invoke(self, ctx)
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.7/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/click/decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/local/lib/python3.7/dist-packages/acl_loader/main.py", line 943, in cli
    "acl_loader": AclLoader()
  File "/usr/local/lib/python3.7/dist-packages/acl_loader/main.py", line 149, in __init__
    namespaces = device_info.get_all_namespaces()
  File "/usr/local/lib/python3.7/dist-packages/sonic_py_common/device_info.py", line 411, in get_all_namespaces
    config_db.connect()
  File "/usr/local/lib/python3.7/dist-packages/swsssdk/configdb.py", line 84, in connect
    self.db_connect('CONFIG_DB', wait_for_init, retry_on)
  File "/usr/local/lib/python3.7/dist-packages/swsssdk/configdb.py", line 79, in db_connect
    SonicV2Connector.connect(self, self.db_name, retry_on)
  File "/usr/local/lib/python3.7/dist-packages/swsssdk/dbconnector.py", line 268, in connect
    self.dbintf.connect(db_id, db_name, retry_on)
  File "/usr/local/lib/python3.7/dist-packages/swsssdk/interface.py", line 175, in connect
    self._onetime_connect(db_id, db_name)
  File "/usr/local/lib/python3.7/dist-packages/swsssdk/interface.py", line 192, in _onetime_connect
    client.config_set('notify-keyspace-events', self.KEYSPACE_EVENTS)
  File "/usr/local/lib/python3.7/dist-packages/redis/client.py", line 1243, in config_set
    return self.execute_command('CONFIG SET', name, value)
  File "/usr/local/lib/python3.7/dist-packages/redis/client.py", line 898, in execute_command
    conn = self.connection or pool.get_connection(command_name, **options)
  File "/usr/local/lib/python3.7/dist-packages/redis/connection.py", line 1192, in get_connection
    connection.connect()
  File "/usr/local/lib/python3.7/dist-packages/redis/connection.py", line 563, in connect
    raise ConnectionError(self._error_message(e))
redis.exceptions.ConnectionError: Error 13 connecting to unix socket: /var/run/redis0/redis.sock. Permission denied.

Describe the results you expected:

No errors to be generated.

Output of show version:

On multi-asic KVM:

guest@vlab-08:~$ show version

SONiC Software Version: SONiC.official_masic_test.24903-74c2532a
Distribution: Debian 10.10
Kernel: 4.19.0-12-2-amd64
Build commit: 74c2532a
Build date: Thu Jul 22 03:49:09 UTC 2021
Built by: AzDevOps@sonic-build-workers-000IRK

Platform: x86_64-kvm_x86_64-r0
HwSKU: msft_four_asic_vs
ASIC: vs
ASIC Count: 4
Serial Number: None
Model Number: None
Hardware Revision: None
Uptime: 16:00:07 up 12 days, 21:02,  2 users,  load average: 0.15, 0.48, 0.49

Output of show techsupport:

(paste your output here or download and attach the file here )

Additional information you deem important (e.g. issue happens only occasionally):

@zhangyanzhao added the Triaged label Mar 30, 2022
@qiluo-msft qiluo-msft assigned abdosi and unassigned qiluo-msft Mar 30, 2022
@qiluo-msft
Collaborator

Confirmed the bug on a multi-ASIC DUT.

abdosi added a commit to sonic-net/sonic-py-swsssdk that referenced this issue Apr 1, 2022
What I did:
Changes to Use Redis Unix Socket if the user is root else default to TCP

Why I did:
With the changes in PR: sonic-net/sonic-buildimage#5289, access to the redis unix socket is given to the redis group members or to root. Many of the sonic-util commands (especially in the multi-asic case) use the redis unix socket to connect to the DB, and thus those commands fail without sudo. This PR is a continuation of PR: sonic-net/sonic-buildimage#7002, where we default to using TCP for Redis if the user is not root in sonic-cfggen.

This should fix: sonic-net/sonic-buildimage#8501
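
The permission check behind the first traceback, as an added example (not code from swsssdk or from the commit): `can_connect` models the write-permission test Linux applies when a process connects to a Unix socket, and `choose_transport` restates the commit's rule of root on the socket, everyone else on TCP. The socket mode `0o770` and the uid/gid numbers in the comments and test are constructed assumptions; only the socket path comes from this issue.

```python
import os
import stat

REDIS_SOCK = "/var/run/redis0/redis.sock"  # path from the traceback in this issue


def can_connect(mode, owner_uid, owner_gid, uid, gids):
    """Return True if (uid, gids) may connect() to a Unix socket with this mode.

    Linux requires write permission on the socket inode to connect, and the
    kernel evaluates exactly one class: owner, else group, else other.
    """
    if uid == 0:
        return True  # root bypasses the discretionary check
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def choose_transport(uid):
    """Selection rule as the commit message words it: root uses the socket."""
    return "unix_socket" if uid == 0 else "tcp"


def diagnose(path=REDIS_SOCK):
    """Check the calling user against a real socket; None if it cannot be inspected."""
    try:
        st = os.stat(path)
    except OSError:
        return None  # missing path, or no search permission on a parent directory
    if not stat.S_ISSOCK(st.st_mode):
        return None
    gids = [os.getegid(), *os.getgroups()]
    return can_connect(st.st_mode, st.st_uid, st.st_gid, os.geteuid(), gids)


if __name__ == "__main__":
    # Constructed values: socket owned by uid/gid 999 with mode 0770; the
    # 'guest' account is uid 1001 and was created with only the sudo group (27).
    sock_mode = stat.S_IFSOCK | 0o770
    print("guest (sudo group only):", can_connect(sock_mode, 999, 999, 1001, [1001, 27]))
    print("guest added to socket group:", can_connect(sock_mode, 999, 999, 1001, [1001, 999]))
    print("transport for guest:", choose_transport(1001))
    print("this host:", diagnose())
```

Membership in the `sudo` group, which is all the reproduction's `useradd -G sudo` grants, does not match the socket's group class, so the unprivileged process is denied until it runs under sudo or falls back to TCP.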
@abdosi
Contributor

abdosi commented Apr 2, 2022

Submodule PR is merged: #10440

@sanmalho-git please check.

@sanmalho-git
Author

@abdosi Could you please provide a link to where I can get a multi-asic KVM image with the above fix?

@sanmalho-git
Author

sanmalho-git commented Apr 6, 2022

@abdosi - this is still failing on the latest 4 asic multi-asic KVM, though with a different exception than before

AzDevOps@a06d081fad06:/data/sonic-mgmt/ansible$ ssh guest@10.250.0.112
guest@10.250.0.112's password: 
Linux vlab-08 5.10.0-8-2-amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_64
You are on
  ____   ___  _   _ _  ____
 / ___| / _ \| \ | (_)/ ___|
 \___ \| | | |  \| | | |
  ___) | |_| | |\  | | |___
 |____/ \___/|_| \_|_|\____|

-- Software for Open Networking in the Cloud --

Unauthorized access and/or use are prohibited.
All access and/or use are subject to monitoring.

Help:    http://azure.github.io/SONiC/

Last login: Wed Apr  6 21:47:10 2022 from 10.250.0.1
Could not chdir to home directory /home/guest: No such file or directory
guest@vlab-08:/$ show acl table
Traceback (most recent call last):
  File "/usr/local/bin/acl-loader", line 8, in <module>
    sys.exit(cli())
  File "/usr/local/lib/python3.9/dist-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.9/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.9/dist-packages/click/core.py", line 1134, in invoke
    Command.invoke(self, ctx)
  File "/usr/local/lib/python3.9/dist-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.9/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.9/dist-packages/click/decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/local/lib/python3.9/dist-packages/acl_loader/main.py", line 943, in cli
    "acl_loader": AclLoader()
  File "/usr/local/lib/python3.9/dist-packages/acl_loader/main.py", line 150, in __init__
    self.per_npu_configdb[front_asic_namespaces].connect()
  File "/usr/lib/python3/dist-packages/swsscommon/swsscommon.py", line 1836, in connect
    return _swsscommon.ConfigDBConnector_Native_connect(self, wait_for_init, retry_on)
RuntimeError: Unable to connect to redis (unix-socket): Cannot assign requested address
guest@vlab-08:/$ 

guest@vlab-08:/$ 
guest@vlab-08:/$ show version

SONiC Software Version: SONiC.master.86986-a5018e73a
Distribution: Debian 11.3
Kernel: 5.10.0-8-2-amd64
Build commit: a5018e73a
Build date: Mon Apr  4 02:06:25 UTC 2022
Built by: AzDevOps@sonic-build-workers-001C2R

Platform: x86_64-kvm_x86_64_4_asic-r0
HwSKU: msft_four_asic_vs
ASIC: vs
ASIC Count: 4
Serial Number: N/A
Model Number: N/A
Hardware Revision: N/A
Uptime: 21:47:48 up 20 min,  2 users,  load average: 2.13, 3.67, 2.41
Date: Wed 06 Apr 2022 21:47:48

