Bug #4445
closed
Wrong permissions slapd.log after logrotate
Added by Dennis Cabooter about 10 years ago.
Updated about 10 years ago.
Category:
System techniques
Description
The slapd.log file has the wrong permissions after a logrotate.
# ls -al /var/log/rudder/ldap/
total 232
drwxr-xr-x 2 root root 4096 Feb 6 06:28 .
drwxr-xr-x 8 root root 4096 Apr 25 2013 ..
-rw-r----- 1 root adm 0 Feb 6 06:28 slapd.log
-rw-r--r-- 1 syslog adm 224657 Feb 6 06:25 slapd.log.1
As you can see slapd.log is 0 size due to wrong permissions.
The logrotate sets the wrong permissions, because of this:
# head -36 /etc/logrotate.d/rudder | tail -16
/var/log/rudder/ldap/slapd.log {
...
create 640 root adm
...
}
- Status changed from New to 8
- Assignee set to Matthieu CERDA
- Priority changed from N/A to 1
Good catch, thanks.
Matthieu, could you look for the first version of that bug, and correct it ? Denis analysis seems OK, so it should be a matter of minutes.
Yesterday I edited /etc/logrotate.d/rudder, so new logs will be owned by syslog:adm instead of root:adm. However, Rudder changed it back. For now I will edit the file again and set the immutable bit on it.
- Status changed from 8 to Discussion
- Assignee changed from Matthieu CERDA to Dennis Cabooter
I don't see any problem here. slapd runs as root, so it is correct that the file shuold belong to root.
However, slapd rarely writes to it's log file. Maybe this is why you see this?
Could you try resetting the logrotate config to it's initial value, and then after there has been a logroate and you see a 0 byte sized file, run "/etc/init.d/slapd status"? This should output some lines in the file.
If not, I can't reproduce this, it works OK for me (on Debian 6).
Please try it on Ubuntu 12.04 to. Ubuntu 12.04 != Debian 6. Nothing is written to the slapd log with root perms.
Hi Jooooooon. :)
There are more logs 0 size:
reports/all.log
reports/extLinuxReport.log
reports/linuxlog.log
reports/winlog.log
core/rudder-webapp.log
compliance/non-compliant-reports.log
But maybe they don't write too much. Slapd will always log when restarted. But not if the log file is owned by root.
- Category set to System techniques
- Status changed from Discussion to 8
- Assignee changed from Dennis Cabooter to Nicolas CHARLES
I do confirm the issue
On debian, the user running syslog is root
ps -aux | grep syslog
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
root 1795 0.0 0.0 9616 884 pts/1 S+ 18:42 0:00 grep syslog
root 25632 0.0 0.2 200596 5004 ? Sl Jan23 17:50 /usr/sbin/rsyslogd -c4
while on ubuntu it is not
root@server:/var/log/rudder/reports# ps -aux | grep syslog
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
syslog 14309 0.0 0.3 55572 4708 ? Sl 17:36 0:00 rsyslogd -c5
root 14850 0.0 0.0 3912 832 pts/0 S+ 17:42 0:00 grep --color=auto syslog
We need a separate logrotate file for ubuntu
- Target version set to 2.6.11
- Status changed from 8 to Pending technical review
- Assignee changed from Nicolas CHARLES to Jonathan CLARKE
- Pull Request set to https://github.com/Normation/rudder-techniques/pull/306
- Status changed from Pending technical review to Pending release
- % Done changed from 0 to 100
Applied in changeset policy-templates:commit:f0b04c1e5d0b5bc2df26d59d1c14576c42dcfc4b.
Applied in changeset policy-templates:commit:85e97e8ac81f3c7036869db1504ed5cf686bc27a.
This is now fixed (in the next minor releases to come). However, I noticed that the logrotate configs from initial-promises was somewhat out of sync with that of the techniques. This needs syncing, so I created #4551.
- Status changed from Pending release to Released
This bug has been fixed in Rudder 2.6.11, which was released today.
Check out:
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by 
Updated by