Bug 1310173

Summary: Candlepin logrotate reports insecure permissions
Product: [Community] Candlepin Reporter: Barnaby Court <bcourt>
Component: candlepinAssignee: William Poteat <wpoteat>
Status: CLOSED CURRENTRELEASE QA Contact: Katello QA List <katello-qa-list>
Severity: medium Docs Contact:
Priority: high    
Version: 0.9CC: erinn.looneytriggs, tcarlin, wpoteat
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-16 14:22:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1142677, 1212955    

Description Barnaby Court 2016-02-19 16:28:20 UTC 
logrotate reports the following message when performing some Satellite related logfiles:

---%<---

/etc/cron.daily/logrotate:

error: skipping "/var/log/candlepin/audit.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/candlepin/candlepin.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/candlepin/cpdb.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/candlepin/cpinit.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/candlepin/error.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/tomcat/catalina.out" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

---%<---

Seems like there is a parameter in the config files missing.

Version-Release number of selected component (if applicable):
Satellite 6.0.4 on RHEL7

How reproducible:
Install Satellite 6.0.4
Wait for the daily logrotate or run "logrotate /var/log/candlepin

Additional info:

Work around documented at https://access.redhat.com/solutions/1597913
Comment 1 Barnaby Court 2016-02-26 19:25:12 UTC 
Raising the priority due to the number of upstream issues & customer cases.
Comment 2 William Poteat 2016-03-04 20:19:16 UTC 
Fixed across branches:

Hotfix 0.9.49: 2b916f8f8206aa613dcb3db0df55b49526cc469e
Hotfix 0.9.51: c09bb13a312b0c424ac3eae66d92a131a805b70b
Hotfix 0.9.54: 0dca12dde4274360c4d18ff014a62b14c3c0eae5
Master: 2ed3433638f23378d830858349ad71f989e48ad9
Comment 3 William Poteat 2016-03-07 13:52:52 UTC 
/var/log/tomcat/catalina.out logrotate is not set by the Candlepin process. Will need to be fixed elsewhere.
Comment 4 Mike McCune 2016-03-28 23:46:11 UTC 
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions
Comment 5 Barnaby Court 2016-05-16 14:22:17 UTC 
Fixed in 0.9.54.6