Bug #4445
closedWrong permissions slapd.log after logrotate
Description
The slapd.log file has the wrong permissions after a logrotate.
# ls -al /var/log/rudder/ldap/ total 232 drwxr-xr-x 2 root root 4096 Feb 6 06:28 . drwxr-xr-x 8 root root 4096 Apr 25 2013 .. -rw-r----- 1 root adm 0 Feb 6 06:28 slapd.log -rw-r--r-- 1 syslog adm 224657 Feb 6 06:25 slapd.log.1
As you can see slapd.log is 0 size due to wrong permissions.
The logrotate sets the wrong permissions, because of this:
# head -36 /etc/logrotate.d/rudder | tail -16 /var/log/rudder/ldap/slapd.log { ... create 640 root adm ... }
Updated by François ARMAND almost 11 years ago
- Status changed from New to 8
- Assignee set to Matthieu CERDA
- Priority changed from N/A to 1 (highest)
Good catch, thanks.
Matthieu, could you look for the first version of that bug, and correct it ? Denis analysis seems OK, so it should be a matter of minutes.
Updated by Dennis Cabooter almost 11 years ago
Yesterday I edited /etc/logrotate.d/rudder, so new logs will be owned by syslog:adm instead of root:adm. However, Rudder changed it back. For now I will edit the file again and set the immutable bit on it.
Updated by Jonathan CLARKE almost 11 years ago
- Status changed from 8 to Discussion
- Assignee changed from Matthieu CERDA to Dennis Cabooter
I don't see any problem here. slapd runs as root, so it is correct that the file shuold belong to root.
However, slapd rarely writes to it's log file. Maybe this is why you see this?
Could you try resetting the logrotate config to it's initial value, and then after there has been a logroate and you see a 0 byte sized file, run "/etc/init.d/slapd status"? This should output some lines in the file.
If not, I can't reproduce this, it works OK for me (on Debian 6).
Updated by Dennis Cabooter almost 11 years ago
Please try it on Ubuntu 12.04 to. Ubuntu 12.04 != Debian 6. Nothing is written to the slapd log with root perms.
Updated by Dennis Cabooter almost 11 years ago
Hi Jooooooon. :)
There are more logs 0 size:
reports/all.log reports/extLinuxReport.log reports/linuxlog.log reports/winlog.log core/rudder-webapp.log compliance/non-compliant-reports.log
But maybe they don't write too much. Slapd will always log when restarted. But not if the log file is owned by root.
Updated by Nicolas CHARLES almost 11 years ago
- Category set to System techniques
- Status changed from Discussion to 8
- Assignee changed from Dennis Cabooter to Nicolas CHARLES
I do confirm the issue
On debian, the user running syslog is root
ps -aux | grep syslog Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html root 1795 0.0 0.0 9616 884 pts/1 S+ 18:42 0:00 grep syslog root 25632 0.0 0.2 200596 5004 ? Sl Jan23 17:50 /usr/sbin/rsyslogd -c4
while on ubuntu it is not
root@server:/var/log/rudder/reports# ps -aux | grep syslog Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html syslog 14309 0.0 0.3 55572 4708 ? Sl 17:36 0:00 rsyslogd -c5 root 14850 0.0 0.0 3912 832 pts/0 S+ 17:42 0:00 grep --color=auto syslog
We need a separate logrotate file for ubuntu
Updated by Nicolas CHARLES almost 11 years ago
- Status changed from 8 to Pending technical review
- Assignee changed from Nicolas CHARLES to Jonathan CLARKE
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/306
Updated by Nicolas CHARLES almost 11 years ago
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
Applied in changeset policy-templates:commit:f0b04c1e5d0b5bc2df26d59d1c14576c42dcfc4b.
Updated by Jonathan CLARKE almost 11 years ago
Applied in changeset policy-templates:commit:85e97e8ac81f3c7036869db1504ed5cf686bc27a.
Updated by Jonathan CLARKE almost 11 years ago
This is now fixed (in the next minor releases to come). However, I noticed that the logrotate configs from initial-promises was somewhat out of sync with that of the techniques. This needs syncing, so I created #4551.
Updated by Vincent MEMBRÉ almost 11 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 2.6.11, which was released today.
Check out:
- The release announcement: http://www.rudder-project.org/pipermail/rudder-announce/2014-March/000077.html
- The full ChangeLog: http://www.rudder-project.org/foswiki/bin/view/System/Documentation:ChangeLog26
- Download information: https://www.rudder-project.org/site/get-rudder/downloads/