Bug 31623

Summary: Не ротируются логи с logrotate >= 3.9.1-alt1
Product: Sisyphus Reporter: Evgenii Terechkov <evg>
Component: logrotateAssignee: Alexey Gladkov <legion>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: normal    
Priority: P3 CC: anton, asy, at, cas, crux, ender, enp, force, lakostis, ldv, legion, mike, misha, mithraen, pma, rider, shaba, viy
Version: unstable   
Hardware: all   
OS: Linux   

Description Evgenii Terechkov 2015-12-15 04:57:26 MSK
После обновления logrotate от cron.daily стали приходить такие письма:

=8<=================================================================
error: skipping "/var/log/nginx/access.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

error: skipping "/var/log/nginx/error.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

error: skipping "/var/log/nginx/nginx.error.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
=8<=================================================================

лог-файлы при этом не ротируются.
Comment 1 Dmitry V. Levin 2015-12-15 05:32:10 MSK
Ну написал бы уже кто-нибудь менее глючный logrotate!
Comment 2 Evgenii Terechkov 2015-12-15 05:38:06 MSK
*** Bug 31622 has been marked as a duplicate of this bug. ***
Comment 3 Evgenii Terechkov 2015-12-15 05:46:14 MSK
Ну весь мир с ним живёт.

Мне как админу было бы менее неудобно, если бы поведение logrotate совпадало с
мэйнтримом. Сейчас, например, приходится делать разные декларации logrotate для
ALT и Debian.
Comment 4 Repository Robot 2015-12-15 05:59:27 MSK
logrotate-3.9.1-alt2 -> sisyphus:

* Tue Dec 15 2015 Dmitry V. Levin <ldv@altlinux> 3.9.1-alt2
- Apply ALT Secure Packaging Policy (closes: #31623).
Comment 5 Evgenii Terechkov 2015-12-17 05:49:12 MSK
logrotate-3.9.1-alt2. Про nginx ругань исчезла. Теперь приходит другая:

=8<=======================================================================
error: skipping "/var/log/uucp/Debug" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/uucp/Log" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/uucp/Stats" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/uucp/errors" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/uucp/info" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/uucp/warnings" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation.
=8<=======================================================================

права/владелец /var/log/uucp из пакета syslog-common не менялся:
=8<=======================================================================
drwxr-x---  2 uucp adm               4096 Mar 14  2012 uucp
=8<=======================================================================
Comment 6 Dmitry V. Levin 2015-12-17 06:00:00 MSK
Права на /var/log/uucp/ не соответствуют требованиям ALT Secure Packaging Policy.
Довольно давно уже не соответствуют:
* Thu May 10 2001 Stanislav Ievlev <inger@altlinux.ru> 1.4.1-alt1
- Up to 1.4.1.
- Added patch from Owl.
- Fixed parent process killing bug.
- Chowned /var/log/uucp to uucp user.
Comment 7 Evgenii Terechkov 2015-12-17 07:17:12 MSK
К сожалению, без syslog-common (и соответственно без такой ругани) сейчас не обходятся postfix/openvpn/nut-server и, видимо, все реализации демона syslog.
Comment 8 anton 2015-12-17 18:53:36 MSK
*** Bug 31638 has been marked as a duplicate of this bug. ***
Comment 9 Sergey Y. Afonin 2016-11-11 11:51:00 MSK
(In reply to comment #5)

> error: skipping "/var/log/uucp/Debug" because parent directory has insecure
> permissions (it's not owned by "root"); consider using "su" directive in config
> file to tell logrotate which user/group should be used for rotation.

Оставлю тут ссылку на Bug 31636 про uucp, чтобы искалось проще.