Bug 1212955 - [logrotate] error: skipping "/var/log/candlepin/audit.log" because parent directory has insecure permissions
Summary: [logrotate] error: skipping "/var/log/candlepin/audit.log" because parent dir...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Candlepin
Version: 6.1.1
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: Unspecified
Assignee: Barnaby Court
QA Contact: Katello QA List
URL:
Whiteboard:
: 1142677 1291472 (view as bug list)
Depends On: 1310173
Blocks: rhci-common-installer 1296845
TreeView+ depends on / blocked
 
Reported: 2015-04-17 18:54 UTC by Chris Roberts
Modified: 2023-09-07 18:41 UTC (History)
27 users (show)

Fixed In Version: candlepin-0.9.54.6-1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-07-27 11:34:59 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1142677 0 unspecified CLOSED Candlepin logrotate reports insecure permissions 2023-09-07 18:38:41 UTC
Red Hat Knowledge Base (Solution) 1597913 0 None None None Never

Internal Links: 1142677

Description Chris Roberts 2015-04-17 18:54:24 UTC 
Description of problem:
The following errors get sent to root's email when logrotate runs:

Actual results:
/etc/cron.daily/logrotate:
error: skipping "/var/log/candlepin/audit.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/candlepin/candlepin.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/candlepin/cpdb.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/candlepin/cpinit.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/candlepin/error.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/tomcat/catalina.out" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

Expected results:
Log rotate to work

Additional info:

I found this bug was filed upstream already, http://projects.theforeman.org/issues/8777

Here's the patch I applied to my local system.  Could this get added to the next available errata release?

--- /root/tomcat.logrotate      2015-04-08 09:46:51.781143412 -0400
+++ tomcat      2015-04-08 09:45:42.933128364 -0400
@@ -1,4 +1,5 @@
 /var/log/tomcat/catalina.out {
+    su tomcat tomcat
     copytruncate
     weekly
     rotate 52

--- /root/candlepin.logrotate   2015-04-08 09:46:50.330143095 -0400
+++ candlepin   2015-04-08 09:45:31.549125882 -0400
@@ -1,4 +1,5 @@
 /var/log/candlepin/*.log {
+    su tomcat tomcat
     copytruncate
     weekly
     rotate 52
Comment 1 RHEL Program Management 2015-04-17 19:17:27 UTC 
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 8 Christian Horn 2015-12-15 09:17:17 UTC 
Issue is unchanged in 6.1.4.
Comment 11 Thom Carlin 2016-02-09 19:45:37 UTC 
Also occurs in RHCI TP2 RC9
Comment 12 Thom Carlin 2016-03-30 11:01:00 UTC 
and also in QCI TP3 RC2
Comment 13 Bryan Kearney 2016-04-13 19:31:53 UTC 
*** Bug 1291472 has been marked as a duplicate of this bug. ***
Comment 14 Bryan Kearney 2016-05-16 14:24:07 UTC 
This requires candlepin 0.9.54.6 or later.
Comment 15 Bryan Kearney 2016-05-16 15:45:48 UTC 
Moving to POST, please pull in 0.9.54.6.
Comment 17 Corey Welton 2016-06-07 20:42:06 UTC 
*** Bug 1142677 has been marked as a duplicate of this bug. ***
Comment 18 Corey Welton 2016-06-20 15:48:23 UTC 
Appears to be working in SNAP 16.  These messages are no longer appearing in root mail.
Comment 19 Bryan Kearney 2016-07-27 11:34:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1501
Note You need to log in before you can comment on or make changes to this bug.