Actions
Bug #3566
closed
Log permissions
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:
Description
The Rudder log permissions are mostly the same. Only slapd has problems writing its log file. After doing a "chown syslog:adm /var/log/rudder/ldap/slapd.log" slapd can write to its log again.
- tree
u -g -p /var/log/rudderroot adm ] access.log
/var/log/rudder
├── [drwxr-xr-x root root ] apache2
│ ├── [-rw-r----
│ ├── [-rw-r----- root adm ] access.log.10.gz
│ ├── [-rw-r----- root adm ] access.log.11.gz
│ ├── [-rw-r--r-- root root ] access.log.12.gz
│ ├── [-rw-r----- root adm ] access.log.1.gz
│ ├── [-rw-r----- root adm ] access.log.2.gz
│ ├── [-rw-r----- root adm ] access.log.3.gz
│ ├── [-rw-r----- root adm ] access.log.4.gz
│ ├── [-rw-r----- root adm ] access.log.5.gz
│ ├── [-rw-r----- root adm ] access.log.6.gz
│ ├── [-rw-r----- root adm ] access.log.7.gz
│ ├── [-rw-r----- root adm ] access.log.8.gz
│ ├── [-rw-r----- root adm ] access.log.9.gz
│ ├── [-rw-r----- root adm ] error.log
│ ├── [-rw-r----- root adm ] error.log.1.gz
│ ├── [-rw-r----- root adm ] error.log.2.gz
│ ├── [-rw-r----- root adm ] error.log.3.gz
│ ├── [-rw-r----- root adm ] error.log.4.gz
│ ├── [-rw-r----- root adm ] error.log.5.gz
│ └── [-rw-r--r-- root root ] error.log.6.gz
├── [drwxr-x--- root root ] compliance
│ ├── [-rw-r----- root adm ] non-compliant-reports.log
│ ├── [-rw-r----- root adm ] non-compliant-reports.log.1.gz
│ ├── [-rw-r----- root adm ] non-compliant-reports.log.2.gz
│ ├── [-rw-r----- root adm ] non-compliant-reports.log.3.gz
│ ├── [-rw-r----- root adm ] non-compliant-reports.log.4.gz
│ └── [-rw-r----- root root ] non-compliant-reports.log.5.gz
├── [drwxr-x--- root root ] core
│ ├── [-rw-r----- root adm ] rudder-webapp.log
│ ├── [-rw-r----- root adm ] rudder-webapp.log.1.gz
│ ├── [-rw-r----- root adm ] rudder-webapp.log.2.gz
│ ├── [-rw-r----- root adm ] rudder-webapp.log.3.gz
│ ├── [-rw-r----- root adm ] rudder-webapp.log.4.gz
│ └── [-rw-r----- root root ] rudder-webapp.log.5.gz
├── [drwxr-xr-x root root ] ldap
│ ├── [-rw-r----- syslog adm ] slapd.log
│ └── [-rw-r----- syslog adm ] slapd.log.1.gz
├── [drwxr-xr-x root root ] reports
│ ├── [-rw-r----- root adm ] all.log
│ ├── [-rw-r----- root adm ] all.log.1.gz
│ ├── [-rw-r----- syslog adm ] all.log.2.gz
│ ├── [-rw-r----- root adm ] extLinuxReport.log
│ ├── [-rw-r----- syslog adm ] extLinuxReport.log.1.gz
│ ├── [-rw-r----- root adm ] linuxlog.log
│ ├── [-rw-r----- syslog adm ] linuxlog.log.1.gz
│ └── [-rw-r----- syslog adm ] winlog.log
└── [drwxr-xr-x root root ] webapp
├── [-rw-r----- root root ] 2013_04_16.stderrout.log
├── [-rw-r----- root root ] 2013_04_16.stderrout.log.150646068
├── [-rw-r----- root root ] 2013_04_16.stderrout.log.150813539
├── [-rw-r----- root root ] 2013_04_16.stderrout.log.151900080
├── [-rw-r----- root root ] 2013_04_16.stderrout.log.153526709
├── [-rw-r----- root root ] 2013_04_17.stderrout.log
├── [-rw-r----- root root ] 2013_04_17.stderrout.log.100611131
├── [-rw-r----- root root ] 2013_04_17.stderrout.log.121008443
├── [-rw-r----- root root ] 2013_04_17.stderrout.log.121131541
├── [-rw-r----- root root ] 2013_04_17.stderrout.log.124419522
├── [-rw-r----- root root ] 2013_04_17.stderrout.log.132819555
├── [-rw-r----- root root ] 2013_04_17.stderrout.log.142650306
├── [-rw-r----- root root ] 2013_04_17.stderrout.log.155654904
├── [-rw-r----- root root ] 2013_04_18.stderrout.log
├── [-rw-r----- root root ] 2013_04_18.stderrout.log.085608570
├── [-rw-r----- root root ] 2013_04_18.stderrout.log.151008184
├── [-rw-r----- root root ] 2013_04_18.stderrout.log.151508637
├── [-rw-r----- root root ] 2013_04_19.stderrout.log
├── [-rw-r----- root root ] 2013_04_19.stderrout.log.072045265
├── [-rw-r----- root root ] 2013_04_20.stderrout.log
├── [-rw-r----- root root ] 2013_04_21.stderrout.log
├── [-rw-r----- root root ] 2013_04_22.stderrout.log
├── [-rw-r----- root root ] 2013_04_23.stderrout.log
├── [-rw-r----- root root ] 2013_04_23.stderrout.log.095940240
├── [-rw-r----- root root ] 2013_04_23.stderrout.log.100303870
├── [-rw-r----- root root ] 2013_04_24.stderrout.log
├── [-rw-r----- root root ] 2013_04_25.stderrout.log
├── [-rw-r----- root root ] 2013_04_25.stderrout.log.072937516
├── [-rw-r----- root root ] 2013_04_25.stderrout.log.081905945
├── [-rw-r----- root root ] 2013_04_26.stderrout.log
├── [-rw-r----- root root ] 2013_04_27.stderrout.log
├── [-rw-r----- root root ] 2013_04_28.stderrout.log
├── [-rw-r----- root root ] 2013_04_29.stderrout.log
├── [-rw-r----- root root ] 2013_04_30.stderrout.log
├── [-rw-r----- root root ] 2013_05_01.stderrout.log
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.084139975
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.084715926
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.085306130
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.091040820
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.092244984
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.093045025
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.093549473
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.143220059
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.151955938
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.152555235
└── [-rw-r----- root root ] start.log
6 directories, 88 files
Updated by Dennis Cabooter over 11 years ago
I forgot the
tags..# tree -u -g -p /var/log/rudder
/var/log/rudder
├── [drwxr-xr-x root root ] apache2
│ ├── [-rw-r----- root adm ] access.log
│ ├── [-rw-r----- root adm ] access.log.10.gz
│ ├── [-rw-r----- root adm ] access.log.11.gz
│ ├── [-rw-r--r-- root root ] access.log.12.gz
│ ├── [-rw-r----- root adm ] access.log.1.gz
│ ├── [-rw-r----- root adm ] access.log.2.gz
│ ├── [-rw-r----- root adm ] access.log.3.gz
│ ├── [-rw-r----- root adm ] access.log.4.gz
│ ├── [-rw-r----- root adm ] access.log.5.gz
│ ├── [-rw-r----- root adm ] access.log.6.gz
│ ├── [-rw-r----- root adm ] access.log.7.gz
│ ├── [-rw-r----- root adm ] access.log.8.gz
│ ├── [-rw-r----- root adm ] access.log.9.gz
│ ├── [-rw-r----- root adm ] error.log
│ ├── [-rw-r----- root adm ] error.log.1.gz
│ ├── [-rw-r----- root adm ] error.log.2.gz
│ ├── [-rw-r----- root adm ] error.log.3.gz
│ ├── [-rw-r----- root adm ] error.log.4.gz
│ ├── [-rw-r----- root adm ] error.log.5.gz
│ └── [-rw-r--r-- root root ] error.log.6.gz
├── [drwxr-x--- root root ] compliance
│ ├── [-rw-r----- root adm ] non-compliant-reports.log
│ ├── [-rw-r----- root adm ] non-compliant-reports.log.1.gz
│ ├── [-rw-r----- root adm ] non-compliant-reports.log.2.gz
│ ├── [-rw-r----- root adm ] non-compliant-reports.log.3.gz
│ ├── [-rw-r----- root adm ] non-compliant-reports.log.4.gz
│ └── [-rw-r----- root root ] non-compliant-reports.log.5.gz
├── [drwxr-x--- root root ] core
│ ├── [-rw-r----- root adm ] rudder-webapp.log
│ ├── [-rw-r----- root adm ] rudder-webapp.log.1.gz
│ ├── [-rw-r----- root adm ] rudder-webapp.log.2.gz
│ ├── [-rw-r----- root adm ] rudder-webapp.log.3.gz
│ ├── [-rw-r----- root adm ] rudder-webapp.log.4.gz
│ └── [-rw-r----- root root ] rudder-webapp.log.5.gz
├── [drwxr-xr-x root root ] ldap
│ ├── [-rw-r----- syslog adm ] slapd.log
│ └── [-rw-r----- syslog adm ] slapd.log.1.gz
├── [drwxr-xr-x root root ] reports
│ ├── [-rw-r----- root adm ] all.log
│ ├── [-rw-r----- root adm ] all.log.1.gz
│ ├── [-rw-r----- syslog adm ] all.log.2.gz
│ ├── [-rw-r----- root adm ] extLinuxReport.log
│ ├── [-rw-r----- syslog adm ] extLinuxReport.log.1.gz
│ ├── [-rw-r----- root adm ] linuxlog.log
│ ├── [-rw-r----- syslog adm ] linuxlog.log.1.gz
│ └── [-rw-r----- syslog adm ] winlog.log
└── [drwxr-xr-x root root ] webapp
├── [-rw-r----- root root ] 2013_04_16.stderrout.log
├── [-rw-r----- root root ] 2013_04_16.stderrout.log.150646068
├── [-rw-r----- root root ] 2013_04_16.stderrout.log.150813539
├── [-rw-r----- root root ] 2013_04_16.stderrout.log.151900080
├── [-rw-r----- root root ] 2013_04_16.stderrout.log.153526709
├── [-rw-r----- root root ] 2013_04_17.stderrout.log
├── [-rw-r----- root root ] 2013_04_17.stderrout.log.100611131
├── [-rw-r----- root root ] 2013_04_17.stderrout.log.121008443
├── [-rw-r----- root root ] 2013_04_17.stderrout.log.121131541
├── [-rw-r----- root root ] 2013_04_17.stderrout.log.124419522
├── [-rw-r----- root root ] 2013_04_17.stderrout.log.132819555
├── [-rw-r----- root root ] 2013_04_17.stderrout.log.142650306
├── [-rw-r----- root root ] 2013_04_17.stderrout.log.155654904
├── [-rw-r----- root root ] 2013_04_18.stderrout.log
├── [-rw-r----- root root ] 2013_04_18.stderrout.log.085608570
├── [-rw-r----- root root ] 2013_04_18.stderrout.log.151008184
├── [-rw-r----- root root ] 2013_04_18.stderrout.log.151508637
├── [-rw-r----- root root ] 2013_04_19.stderrout.log
├── [-rw-r----- root root ] 2013_04_19.stderrout.log.072045265
├── [-rw-r----- root root ] 2013_04_20.stderrout.log
├── [-rw-r----- root root ] 2013_04_21.stderrout.log
├── [-rw-r----- root root ] 2013_04_22.stderrout.log
├── [-rw-r----- root root ] 2013_04_23.stderrout.log
├── [-rw-r----- root root ] 2013_04_23.stderrout.log.095940240
├── [-rw-r----- root root ] 2013_04_23.stderrout.log.100303870
├── [-rw-r----- root root ] 2013_04_24.stderrout.log
├── [-rw-r----- root root ] 2013_04_25.stderrout.log
├── [-rw-r----- root root ] 2013_04_25.stderrout.log.072937516
├── [-rw-r----- root root ] 2013_04_25.stderrout.log.081905945
├── [-rw-r----- root root ] 2013_04_26.stderrout.log
├── [-rw-r----- root root ] 2013_04_27.stderrout.log
├── [-rw-r----- root root ] 2013_04_28.stderrout.log
├── [-rw-r----- root root ] 2013_04_29.stderrout.log
├── [-rw-r----- root root ] 2013_04_30.stderrout.log
├── [-rw-r----- root root ] 2013_05_01.stderrout.log
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.084139975
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.084715926
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.085306130
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.091040820
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.092244984
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.093045025
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.093549473
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.143220059
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.151955938
├── [-rw-r----- root root ] 2013_05_01.stderrout.log.152555235
└── [-rw-r----- root root ] start.log
6 directories, 88 files
Updated by Vincent MEMBRÉ over 11 years ago
- Tracker changed from Question to Bug
- Assignee set to Matthieu CERDA
- Target version changed from 2.5.3 to 2.3.12
Thanks for report Dennis, there is a permissions error in our log configurations (logrotate ...)
We should look if that bug happens in 2.3 too.
I think Matthieu would be the best to investigate and correct that bug.
Updated by Matthieu CERDA over 11 years ago
- Target version changed from 2.3.12 to 2.3.13
Updated by Matthieu CERDA over 11 years ago
- Project changed from 24 to 34
- Status changed from New to Discussion
- Assignee changed from Matthieu CERDA to Dennis Cabooter
- Priority changed from N/A to 1 (highest)
Well, as slapd runs as root in a base Rudder installation, this should not happen.
Is yours running as root as well ?
Updated by Matthieu CERDA over 11 years ago
- % Done changed from 0 to 20
Hi back Dennis, I'm trying to reproduce the problem.
Can you tell me if this is a one time issue, or a recurring one ?
Updated by Dennis Cabooter over 11 years ago
It occurs everytime the logs get rotated. Slapd is running as root.
# ps wwwuax | grep slapd root 2683 0.0 2.3 1922972 47496 ? Ssl May31 2:35 /opt/rudder/libexec/slapd -h ldap://127.0.0.1:389 -f /opt/rudder/etc/openldap/slapd.conf root 6606 0.0 0.0 8108 924 pts/0 S+ 14:20 0:00 grep --color=auto slapd
Unfortunatly nothing gets written to the log file, unless changing permissions.
# date && ls -al /var/log/rudder/ldap/slapd.log Mon Jun 3 14:23:00 CEST 2013 -rw-r----- 1 root adm 0 Jun 1 06:25 /var/log/rudder/ldap/slapd.log # chown syslog:adm /var/log/rudder/ldap/slapd.log # date && ls -al /var/log/rudder/ldap/slapd.log Mon Jun 3 14:23:39 CEST 2013 # /etc/init.d/slapd restart # date && ls -al /var/log/rudder/ldap/slapd.log Mon Jun 3 14:24:06 CEST 2013 -rw-r----- 1 syslog adm 1738 Jun 3 14:24 /var/log/rudder/ldap/slapd.log
Updated by Matthieu CERDA over 11 years ago
This is quite odd, since the offending permissions are root:adm / 640, slapd should be able to log anyway.
I'll run a test CentOS machine to see what happened.
Updated by Nicolas PERRON over 11 years ago
- Target version changed from 2.3.13 to 84
Updated by Matthieu CERDA over 11 years ago
- Status changed from Discussion to In progress
- Assignee changed from Dennis Cabooter to Matthieu CERDA
- Priority changed from 1 (highest) to 2
- % Done changed from 20 to 40
I just tried to force a logrotate rotation on a fresh 2.6.1 install and I found the bug: Our logrotate configuration does not restart slapd after a rotation, thus slapd logs are not written anymore. I'm correcting this.
Updated by Nicolas PERRON over 11 years ago
- Target version changed from 84 to 2.4.7
Updated by Nicolas PERRON over 11 years ago
- Target version changed from 2.4.7 to 2.4.8
Updated by Nicolas PERRON about 11 years ago
- Status changed from In progress to Discussion
Matthieu CERDA wrote:
I just tried to force a logrotate rotation on a fresh 2.6.1 install and I found the bug: Our logrotate configuration does not restart slapd after a rotation, thus slapd logs are not written anymore. I'm correcting this.
If you're right, #3603 should fix this issue. Can you confirm it ?
Updated by Matthieu CERDA about 11 years ago
- Assignee changed from Matthieu CERDA to Nicolas PERRON
Yes, I confirm.
Updated by Nicolas PERRON about 11 years ago
- Status changed from Discussion to Rejected
Matthieu CERDA wrote:
Yes, I confirm.
Ok, so I reject this issue
Updated by Jonathan CLARKE about 11 years ago
Nicolas PERRON wrote:
Matthieu CERDA wrote:
Yes, I confirm.
Ok, so I reject this issue
Please don't reject issues that are duplicates without marking them as a duplicate. This is offensive to the bug reporter (sorry Dennis!), because we don't mean "Rejected", what we mean is "Great, this bug has been fixed, just in another bug report!". And Redmine has a nice special section for related bugs at the top.
Updated by Benoît PECCATTE over 9 years ago
- Project changed from 34 to Rudder
- Category set to Packaging
Actions