Bug 146597

Summary: httpd logs not rotating
Product: [Fedora] Fedora
Component: logrotate
Version: 3
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Hardware: All
OS: Linux
Reporter: Stephan Borg <wolff_borg>
Assignee: Peter Vrabec <pvrabec>
CC: dwalsh
Last Closed: 2005-02-11 10:18:52 UTC
Attachments:
  State prior to logrotation error
  Debug output from logrotate
  modified logrotate
  Output of verbose logrotate

Description Stephan Borg 2005-01-30 09:10:29 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7)
Gecko/20040808 Firefox/0.9.3

Description of problem:
During httpd log rotation, get the following error:
error: error running shared postrotate script for /var/log/httpd/*log

Version-Release number of selected component (if applicable):
logrotate-3.7.1-2

How reproducible:
Always

Steps to Reproduce:
1. logrotate /etc/logrotate.conf

Actual Results:  error: error running shared postrotate script for
/var/log/httpd/*log

Expected Results:  No errors

Additional info:

To fix the problem, I have changed the first line in
/etc/logrotate.d/httpd to:

/var/log/httpd/*.log {

Problem no longer occurs.

Comment 1 Stephan Borg 2005-01-30 09:13:56 UTC
Sorry, just realised that *.log is not going to find any logs in
/var/log/httpd/

Changed to *_log and appears not to get an error now - not sure if it's
working - will find out next week.

Comment 2 Peter Vrabec 2005-01-31 14:59:06 UTC
I can't reproduce it.

Send me content of your
/etc/logrotate.d/httpd, /etc/logrotate.conf
and
verbose output from logrotate


Comment 3 Stephan Borg 2005-01-31 21:11:17 UTC
Created attachment 110460 [details]
State prior to logrotation error

I tried to create the state prior to the error - and the last line of
logrotate.txt shows verbose out of the error occurring.

The only difference I found, is that logrotate would always show this error
when executed repeatedly.

Three points I should mention:
1 - I have SELinux enabled, not sure how this affects log rotation.
2 - I have custom httpd scripts, whose naming convention may be causing the
error.
3 - When the logrotate error occurs, it appears that all logs are rotated, but
services such as httpd and syslogd are not restarted correctly. This was how I
noticed the error in the first place.

Comment 4 Peter Vrabec 2005-02-01 10:53:09 UTC
I still can't reproduce it even with your logrotate.conf, httpd and logs.

Could u send me your debug output (logrotate -d)?
Which root shell do u use?
What did u mean by "logrotate would always show this error
when executed repeatedly"?

Comment 5 Stephan Borg 2005-02-01 11:07:13 UTC
I use bash shell.

I can't reproduce the error consistently now either.

After I applied the first work around - the error disappeared and I've
only got it to come back once since then.

Whereas, prior to the work around - every time I ran logrotate, it
would give me 'error running shared postrotate script for
/var/log/httpd/*log' and not restart any services.

If you wish, we can close off this bug - and if it reoccurs, I won't
touch it and log another bug.

Comment 6 Stephan Borg 2005-02-08 11:17:31 UTC
Created attachment 110789 [details]
Debug output from logrotate

Problem reoccurred this week during cron log rotation. Have attached debug
logrotate output as requested. Will leave in broken state should you require
further testing.

Comment 7 Peter Vrabec 2005-02-09 14:31:56 UTC
Created attachment 110869 [details]
modified logrotate

Try to reproduce the bug with this modified (added more verbose messages)
logrotate.

need output of this
# ./logrotate -v -f /etc/logrotate.conf

Comment 8 Stephan Borg 2005-02-09 21:12:28 UTC
Created attachment 110894 [details]
Output of verbose logrotate

As requested.

Comment 9 Peter Vrabec 2005-02-10 14:33:33 UTC
Logrotate fails to execlp a temporary file from /tmp.

I think SELinux causes your problem, try to disable it, or allow
logrotate to exec files from /tmp


Comment 10 Daniel Walsh 2005-02-10 14:43:28 UTC
Please do not disable SELinux.  You can turn SELinux into permissive
mode by setenforce 0, or changing the /etc/selinux/config file.
logrotate should be running with full privs in a targeted system.  Are
you seeing any AVC messages in the /var/log/messages file?  

Dan

Comment 11 Stephan Borg 2005-02-10 22:20:03 UTC
OK - discovered what it was.

I have mounted my /tmp partition with the noexec attribute - apparently
this was causing all the trouble.

Not sure what the right way forward is from here - should executable
scripts be allowed from within /tmp ?



Comment 12 Peter Vrabec 2005-02-11 10:18:52 UTC
I think it is not so secure to allow executing scripts from /tmp.
I don't know SELinux enough, but it may be the right thing to limit this.

Comment 13 Stephan Borg 2005-02-11 12:05:29 UTC
To be honest, I don't believe this to be an SELinux problem, but rather a
logrotate problem. I guess someone with intimate knowledge of logrotate can
confirm.

Comment 14 Colin Walters 2005-02-11 15:21:20 UTC
Mounting /tmp with noexec is like locking up your bike with a string.
 It might slow down an attacker for a second or two at most.  Don't
bother; it's not worth the breakage it can cause for legitimate
applications.
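
The diagnosis reached in Comments 9 and 11 (logrotate could not execute its temporary script because /tmp was mounted noexec) can be checked directly on a host. The script below is an added example, not part of the bug report or of logrotate; the function names and the sample mount table are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the bug report): check whether a directory sits on a
# noexec mount, the condition that broke the postrotate script in this thread.

# Constructed sample in /proc/mounts format; device names are made up.
SAMPLE_MOUNTS='/dev/hda2 / ext3 rw 0 0
/dev/hda5 /tmp ext3 rw,noexec,nosuid,nodev 0 0
/dev/hda6 /var ext3 rw 0 0'

# usage: mount_opts_for DIR < mounts-table
# Prints the options of the deepest mount point that contains DIR.
mount_opts_for() {
    awk -v d="$1" '
        $2 == "/" || d == $2 || index(d, $2 "/") == 1 {
            # ">=" lets a later mount stacked on the same point win
            if (length($2) >= best) { best = length($2); opts = $4 }
        }
        END { print opts }'
}

# usage: is_noexec DIR < mounts-table   (exit 0 when DIR is on a noexec mount)
is_noexec() {
    case ",$(mount_opts_for "$1")," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Live probe: write a tiny script into DIR and execute it directly, as a
# program that runs a temporary script file would. Exit 0 means exec works.
can_exec_in() {
    local f rc=0
    f=$(mktemp "$1/exec-probe.XXXXXX" 2>/dev/null) || return 2
    printf '#!/bin/sh\nexit 0\n' > "$f"
    chmod 700 "$f"
    "$f" 2>/dev/null || rc=$?
    rm -f "$f"
    return "$rc"
}

if printf '%s\n' "$SAMPLE_MOUNTS" | is_noexec /tmp; then
    echo "sample table: /tmp is noexec, scripts written there cannot be executed"
fi
if [ -r /proc/mounts ] && is_noexec /tmp < /proc/mounts; then
    echo "this host: /tmp is mounted noexec"
elif can_exec_in /tmp; then
    echo "this host: scripts in /tmp can be executed"
fi
```

The mount-table check explains the failure without touching the filesystem, while the live probe also catches exec denials that come from a policy layer rather than a mount option.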