Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1696777

Summary: Logrotate permissions for rhn-proxy prevent execution
Product: [Community] Spacewalk Reporter: heming.gu
Component: Proxy ServerAssignee: Michael Mráka <mmraka>
Status: CLOSED CURRENTRELEASE QA Contact: Red Hat Satellite QA List <satqe-list>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 2.9CC: jmaughmer
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: spacewalk-proxy-2.10.5-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-03-23 12:01:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1802137    

Description heming.gu 2019-04-05 15:33:38 UTC 
Description of problem:

$ /etc/cron.daily/logrotate
error: Ignoring rhn-proxy-broker because of bad file mode - must be 0644 or 0444.
error: Ignoring rhn-proxy-redirect because of bad file mode - must be 0644 or 0444.

$ ls -l /etc/logrotate.d/rhn-proxy*
-rw-rw-r--. 1 root root 174 Nov 27 03:13 /etc/logrotate.d/rhn-proxy-broker
-rw-rw-r--. 1 root root 178 Nov 27 03:13 /etc/logrotate.d/rhn-proxy-redirect

After chmodding the logrotate configuration files to 0644, the following error the appears:

$ /etc/cron.daily/logrotate
error: skipping "/var/log/rhn/rhn_proxy_broker.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/rhn/rhn_proxy_redirect.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

$ ls -lah /var/log/rhn/
total 8.6G
drwxrwx---.  2 root   apache   64 Jan 23 06:16 .
drwxr-xr-x. 15 root   root   4.0K Apr  5 11:07 ..
-rw-rw----.  1 apache apache 8.3G Apr  5 11:33 rhn_proxy_broker.log
-rw-rw----.  1 apache apache 9.0M Apr  5 11:00 rhn_proxy_redirect.log



Version-Release number of selected component (if applicable):

spacewalk-proxy-broker-2.9.2-1.el7.noarch
spacewalk-proxy-redirect-2.9.2-1.el7.noarch

How reproducible:
Testing was performed on a CentOS 7 server with Spacewalk Proxy 2.9.2-1.
Comment 1 Justin Maughmer 2019-09-19 15:09:11 UTC 
Issue still present in 2.9.3-1 on RHEL 7.7.

spacewalk-proxy-broker-2.9.3-1.el7.noarch
spacewalk-proxy-redirect-2.9.3-1.el7.noarch
Comment 2 Michael Mráka 2020-03-13 10:51:00 UTC 
Fixed in spacewalk git by
commit 72c52def6ecfbcf68d79a49cfb782f886ba3580d
    1696777 - fixed su directive
commit bab0a6fe73ac9c53f7a174c7f6eeb35fb33caab4
    1696777 - fixed file mode
Comment 3 Michael Mráka 2020-03-23 12:01:45 UTC 
Spacewalk 2.10 has been released.
https://github.com/spacewalkproject/spacewalk/wiki/ReleaseNotes210