Bug 149270

Summary: logrotate is messing up with noexec mounted /tmp
Product: [Fedora] Fedora Reporter: Michal Jaegermann <michal>
Component: logrotateAssignee: Peter Vrabec <pvrabec>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3CC: kclair
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-02-22 13:20:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Check this. none

Description Michal Jaegermann 2005-02-21 20:06:14 UTC 
Description of problem:

After an updgrade to FC3 logrotate fails to switch to new logs
with only not that informative messages from cron like:

error: error running shared postrotate script for /var/log/cups/*_log

Debugging information is not much more revealing either and
only strace eventually shows that logrotate writes to a file with
permissions 0700 in /tmp and tries to run that directly instead
of doing "sh /tmp/<whatever>".  With /tmp which happens to be mounted
"noexec" this clearly fails.

Moreover logrotate.conf does not provide any options to switch
temporary directory somewhere else. Luckily TMPDIR seems to work
but AFAICS this is not mentioned in a documentation either.

Older versions of logrotate did not suffer from this affliction
so this came as a nasty surprise.

Version-Release number of selected component (if applicable):
logrotate-3.7.1-2
Comment 1 Peter Vrabec 2005-02-22 13:19:57 UTC 
Created attachment 111293 [details]
Check this.

I hope it will work fine. Logrotate does not use tmpfile in /tmp to run script.
Comment 2 Michal Jaegermann 2005-02-22 16:44:08 UTC 
What I see in a code indeed it looks that it will work.  There is
one more nit, though.  Both the current and the previous code
(it was writing "#!/bin/sh\n\n" at the top of a temporary file)
presume that all logrorate scripts would have to comprise from
a valid sh code (well, bash in practical terms).  I do not see
that explicitely documented anywhere.

A trivial "one liner" shell wrapper really allows to use there
anything which will execute but one should not dig through sorces
to reach that conclusion.
Comment 3 Kristina Clair 2005-04-13 16:07:41 UTC 
"Luckily TMPDIR seems to work
but AFAICS this is not mentioned in a documentation either."

How exactly would I use TMPDIR to get around this problem?  I tried defining it
in the shell script that runs logrotate, but that didn't help.
Comment 4 Michal Jaegermann 2005-04-13 17:12:34 UTC 
export TMPDIR=/var/tmp

as the second line in /etc/cron.daily/logrotate should do assuming that
a version of /usr/sbin/logrotate pays attention to that variable.  Worksforme.
Comment 5 Michal Jaegermann 2005-10-16 16:28:36 UTC 
3.7.1-5.RHEL4, with last changelog entries from 2005-07-13, is broken in
the same way as 3.7.1-2