#31623 – Не ротируются логи с logrotate >= 3.9.1-alt1

Bug 31623 - Не ротируются логи с logrotate >= 3.9.1-alt1

Summary: Не ротируются логи с logrotate >= 3.9.1-alt1

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	logrotate (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P3 normal
Assignee:	Alexey Gladkov
QA Contact:	qa-sisyphus

URL:
Keywords:

Duplicates (2):	31622 31638 (view as bug list)
Depends on:
Blocks:

Reported:	2015-12-15 04:57 MSK by Evgenii Terechkov
Modified:	2016-11-11 11:51 MSK (History)
CC List:	18 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Evgenii Terechkov 2015-12-15 04:57:26 MSK

После обновления logrotate от cron.daily стали приходить такие письма:

=8<=================================================================
error: skipping "/var/log/nginx/access.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

error: skipping "/var/log/nginx/error.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

error: skipping "/var/log/nginx/nginx.error.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
=8<=================================================================

лог-файлы при этом не ротируются.

Comment 1 Dmitry V. Levin 2015-12-15 05:32:10 MSK

Ну написал бы уже кто-нибудь менее глючный logrotate!

Comment 2 Evgenii Terechkov 2015-12-15 05:38:06 MSK

*** Bug 31622 has been marked as a duplicate of this bug. ***

Comment 3 Evgenii Terechkov 2015-12-15 05:46:14 MSK

Ну весь мир с ним живёт.

Мне как админу было бы менее неудобно, если бы поведение logrotate совпадало с
мэйнтримом. Сейчас, например, приходится делать разные декларации logrotate для
ALT и Debian.

Comment 4 Repository Robot 2015-12-15 05:59:27 MSK

logrotate-3.9.1-alt2 -> sisyphus:

* Tue Dec 15 2015 Dmitry V. Levin <ldv@altlinux> 3.9.1-alt2
- Apply ALT Secure Packaging Policy (closes: #31623).

Comment 5 Evgenii Terechkov 2015-12-17 05:49:12 MSK

logrotate-3.9.1-alt2. Про nginx ругань исчезла. Теперь приходит другая:

=8<=======================================================================
error: skipping "/var/log/uucp/Debug" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/uucp/Log" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/uucp/Stats" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/uucp/errors" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/uucp/info" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/uucp/warnings" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
=8<=======================================================================

права/владелец /var/log/uucp из пакета syslog-common не менялся:
=8<=======================================================================
drwxr-x---  2 uucp adm               4096 Mar 14  2012 uucp
=8<=======================================================================

Comment 6 Dmitry V. Levin 2015-12-17 06:00:00 MSK

Права на /var/log/uucp/ не соответствуют требованиям ALT Secure Packaging Policy.
Довольно давно уже не соответствуют:
* Thu May 10 2001 Stanislav Ievlev <inger@altlinux.ru> 1.4.1-alt1
- Up to 1.4.1.
- Added patch from Owl.
- Fixed parent process killing bug.
- Chowned /var/log/uucp to uucp user.

Comment 7 Evgenii Terechkov 2015-12-17 07:17:12 MSK

К сожалению, без syslog-common (и соответственно без такой ругани) сейчас не обходятся postfix/openvpn/nut-server и, видимо, все реализации демона syslog.

Comment 8 anton 2015-12-17 18:53:36 MSK

*** Bug 31638 has been marked as a duplicate of this bug. ***

Comment 9 Sergey Y. Afonin 2016-11-11 11:51:00 MSK

(In reply to comment #5)

> error: skipping "/var/log/uucp/Debug" because parent directory has insecure
> permissions (it's not owned by "root"); consider using "su" directive in config
> file to tell logrotate which user/group should be used for rotation.

Оставлю тут ссылку на Bug 31636 про uucp, чтобы искалось проще.