touch-packages team mailing list archive

Thread
Date

[Bug 1278193] Re: logrotate skip the rotation of many files under /var/log due to bad group ownership

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Diego Morales <morales@xxxxxxxxxxxxx>
Date: Mon, 27 Oct 2014 16:21:33 -0000
Reply-to: Bug 1278193 <1278193@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I've went through this problem just now. The changes described in #5
solved the problem for me as well.

The fix released in LP: #1258202 (logrotate version 3.8.6-1ubuntu2) adds
those lines to the default logrotate.conf file, but I got some custom
configs in mine and so I had to manually change it.

Of course it only works when it reads logrotate.conf, which I guess is not the case when you run this way:
 logrotate -df /etc/logrotate.d/rsyslog

Running either /etc/cron.daily/logrotate or "/usr/sbin/logrotate
/etc/logrotate.conf" works fine. Maybe the config "su root syslog"
should be the compile-time-default in Ubuntu so to avoid this situation.
Don't know if it is possible.

Also, from what I understand reading man logrotate.conf, the "su root
syslog" line only changes the user/group that the process of rotation
will run as, which does not (necessarily) affect the owner and group of
the log files: that is defined by the "create" directive (see the
logrotate.conf man for that directive).  That's why you don't see any
files with group syslog, Uwe.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to logrotate in Ubuntu.
https://bugs.launchpad.net/bugs/1278193

Title:
  logrotate skip the rotation of many files under /var/log due to bad
  group ownership

Status in “logrotate” package in Ubuntu:
  Confirmed

Bug description:
  With the latest update to logrotate (3.8.7-1ubuntu1), the group
  ownership of /var/log was changed to "syslog" causing this kind of
  problem:

    # logrotate -df /etc/logrotate.d/rsyslog
    reading config file /etc/logrotate.d/rsyslog

    Handling 2 logs

    rotating pattern: /var/log/syslog
     forced from command line (7 rotations)
    empty log files are not rotated, old logs are removed
    considering log /var/log/syslog
    error: skipping "/var/log/syslog" because parent directory has insecure permissions (It's world writable or writable by group which
    is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
    ...

  
    # ls -la /var/ | grep log
    drwxrwxr-x 17 root syslog   4096 Feb  9 10:58 log

  $ lsb_release -rd
  Description:	Ubuntu Trusty Tahr (development branch)
  Release:	14.04
  $ apt-cache policy logrotate
  logrotate:
    Installed: 3.8.7-1ubuntu1
    Candidate: 3.8.7-1ubuntu1
    Version table:
   *** 3.8.7-1ubuntu1 0
          500 http://archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
          100 /var/lib/dpkg/status

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: logrotate 3.8.7-1ubuntu1
  ProcVersionSignature: Ubuntu 3.13.0-8.27-generic 3.13.2
  Uname: Linux 3.13.0-8-generic x86_64
  ApportVersion: 2.13.2-0ubuntu2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Sun Feb  9 17:19:41 2014
  InstallationDate: Installed on 2014-01-26 (14 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140124)
  SourcePackage: logrotate
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/logrotate/+bug/1278193/+subscriptions