Bug 1218259 - thttpd has incorrect logrotate postrotate script following move to systemd
Summary: thttpd has incorrect logrotate postrotate script following move to systemd
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: thttpd
Version: 22
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Orphan Owner
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-05-04 12:28 UTC by volker.tanger_redhat
Modified: 2016-07-19 13:58 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-07-19 13:58:41 UTC
Type: Bug


Attachments (Terms of Use)

Description volker.tanger_redhat 2015-05-04 12:28:41 UTC
The thttpd logrotate script still uses the postrotate script

/sbin/service thttpd condrestart

instead of the one needed by systemd

systemctl condrestart thttpd.service


This results in an STDERR output which then is recorded.
As the restart is properly redirected, the postrotate action does not break yet.

This is similar to bug 1045729, which is for old Fedora distributions and thus has been closed as EOL (of that Fedotra release) - but affect the current Fedora.

Comment 1 Jan Kaluža 2015-05-05 07:24:10 UTC
Moving to thttpd component.

Comment 2 Fedora Admin XMLRPC Client 2015-09-30 19:19:33 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 3 Fedora Admin XMLRPC Client 2015-11-15 21:54:00 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 4 Fedora Update System 2015-11-28 21:53:01 UTC
thttpd-2.25b-35.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-28076d0830

Comment 5 Fedora Update System 2015-11-29 23:53:21 UTC
thttpd-2.25b-35.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
$ su -c 'dnf --enablerepo=updates-testing update thttpd'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-28076d0830

Comment 6 Christian Kujau 2015-12-08 05:51:54 UTC
This "systemctl condrestart thttpd.service" isn't working either:

# systemctl condrestart thttpd.service
Job for thttpd.service failed because the control process exited with error code. See "systemctl status thttpd.service" and "journalctl -xe" for details.

# systemctl status thttpd.service 
● thttpd.service - Tiny/Turbo/Throttling Web Server
   Loaded: loaded (/usr/lib/systemd/system/thttpd.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2015-12-07 21:32:55 PST; 26s ago
  Process: 1518 ExecStart=/usr/sbin/thttpd -C /etc/thttpd.conf (code=exited, status=1/FAILURE)
 Main PID: 1172 (code=exited, status=1/FAILURE)

Dec 07 21:32:55 len systemd[1]: Starting Tiny/Turbo/Throttling Web Server...
Dec 07 21:32:55 len systemd[1]: thttpd.service: Control process exited, code=exited status=1
Dec 07 21:32:55 len systemd[1]: Failed to start Tiny/Turbo/Throttling Web Server.
Dec 07 21:32:55 len systemd[1]: thttpd.service: Unit entered failed state.
Dec 07 21:32:55 len systemd[1]: thttpd.service: Failed with result 'exit-code'.
Dec 07 21:32:55 len thttpd[1518]: /var/log/thttpd.log: Operation not permitted



# journalctl -xe
[...]
Dec 07 21:32:55 len thttpd[1518]: /var/log/thttpd.log: Operation not permitted
Dec 07 21:33:15 len python3[1521]: SELinux is preventing thttpd from using the fowner capability.
[...]
        *****  Plugin catchall_boolean (89.3 confidence) suggests   
                                   
  If you want to allow httpd to run stickshift
  Then you must tell SELinux about this by enabling 
  the 'httpd_run_stickshift' boolean.
                                   
  Do
  setsebool -P httpd_run_stickshift 1

Comment 7 Othman Madjoudj 2015-12-08 18:34:47 UTC
Hi, 

Since logs are now not world readable (CVE-2013-0348 / RHBZ #924857), you need to run: setsebool -P httpd_run_stickshift 1 on a system with SELinux enforced

Comment 8 Christian Kujau 2015-12-09 08:01:21 UTC
I've seen the recommendation, but before I enable an SELinux boolean, I'd like to know what it does. Also, since Fedora comes with SELinux enabled by default, the installer should set this if it's needed for thttpd.

The closest thing I got was from http://linuxmanpages.net/manpages/fedora21/man8/httpd_selinux.8.html

 > If you want to allow Apache to run in stickshift mode,  not  transition
 > to  passenger,  you  must  turn  on  the  httpd_run_stickshift boolean.

But no documentation on what "stickshift" or "passenger" mode is.

Comment 9 Fedora Update System 2016-01-16 21:52:43 UTC
thttpd-2.25b-37.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8

Comment 10 Othman Madjoudj 2016-01-16 21:56:42 UTC
Hi Christian,

I've pushed a new patch, please note that you still need to chown the old logs as root:root (or delete them), the permissions are now similar to Apache httpd and Nginx.

Comment 11 Fedora Update System 2016-01-17 19:54:40 UTC
thttpd-2.25b-37.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-06a7c972e8

Comment 12 Christian Kujau 2016-01-19 04:37:12 UTC
Thanks, with thttpd-2.25b-37.fc23, restart/condrestart for is working now!

The only weird thing is the "bind 0.0.0.0 - Address already in use" message during startup, but that's
only a cosmetic issue or material for another bug report.

Thanks again!

============================================================================
# dnf --enablerepo=updates-testing install thttpd
# rpm -qi thttpd | grep -A1 Version
Version     : 2.25b
Release     : 37.fc23

# systemctl status thttpd
● thttpd.service - Tiny/Turbo/Throttling Web Server
   Loaded: loaded (/usr/lib/systemd/system/thttpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

# ls -l /var/log/thttpd.log 
ls: cannot access /var/log/thttpd.log: No such file or directory


# systemctl start thttpd
# systemctl status thttpd
● thttpd.service - Tiny/Turbo/Throttling Web Server
   Loaded: loaded (/usr/lib/systemd/system/thttpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2016-01-18 20:27:01 PST; 2s ago
  Process: 2340 ExecStart=/usr/sbin/thttpd -C /etc/thttpd.conf (code=exited, status=0/SUCCESS)
 Main PID: 2342 (thttpd)
   CGroup: /system.slice/thttpd.service
           └─2342 /usr/sbin/thttpd -C /etc/thttpd.conf

Jan 18 20:27:01 len systemd[1]: Starting Tiny/Turbo/Throttling Web Server...
Jan 18 20:27:01 len thttpd[2342]: logfile is not within the chroot tree, you will not be able to re-open it
Jan 18 20:27:01 len thttpd[2342]: bind 0.0.0.0 - Address already in use
Jan 18 20:27:01 len thttpd[2342]: thttpd/2.25b 29dec2003 starting on port 80
Jan 18 20:27:01 len systemd[1]: Started Tiny/Turbo/Throttling Web Server.

# netstat -anptu | grep :80
tcp6       0      0 :::80                   :::*             LISTEN      2342/thttpd  


# ls -lZ /var/log/thttpd.log 
-rw-------. 1 root root system_u:object_r:httpd_log_t:s0 0 Jan 18 20:27 /var/log/thttpd.log


# systemctl restart thttpd
# systemctl status thttpd
● thttpd.service - Tiny/Turbo/Throttling Web Server
   Loaded: loaded (/usr/lib/systemd/system/thttpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2016-01-18 20:27:56 PST; 3s ago
  Process: 2410 ExecStart=/usr/sbin/thttpd -C /etc/thttpd.conf (code=exited, status=0/SUCCESS)
 Main PID: 2411 (thttpd)
   CGroup: /system.slice/thttpd.service
           └─2411 /usr/sbin/thttpd -C /etc/thttpd.conf

Jan 18 20:27:56 len systemd[1]: Starting Tiny/Turbo/Throttling Web Server...
Jan 18 20:27:56 len thttpd[2411]: logfile is not within the chroot tree, you will not be able to re-open it
Jan 18 20:27:56 len thttpd[2411]: bind 0.0.0.0 - Address already in use
Jan 18 20:27:56 len thttpd[2411]: thttpd/2.25b 29dec2003 starting on port 80
Jan 18 20:27:56 len systemd[1]: Started Tiny/Turbo/Throttling Web Server.
============================================================================

Comment 13 Fedora Admin XMLRPC Client 2016-04-20 21:24:30 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 14 Fedora Admin XMLRPC Client 2016-05-11 13:53:57 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 15 Fedora Admin XMLRPC Client 2016-07-14 13:15:21 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 16 Fedora End Of Life 2016-07-19 13:58:41 UTC
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.


Note You need to log in before you can comment on or make changes to this bug.