Description of problem: On oVirt (using 3.6 snapshot from 18-19/11/2015) in self-hosted mode, hyperconverged with GlusterFS (3.7.6), all on CentOS 7.1 fully updated, the HA Agent/Broker logs have incorrect permissions/ownership (when automatically rotated too). Version-Release number of selected component (if applicable): 1.3.3-0.0.master.20151118145556.20151118145552.git71b535e How reproducible: Install oVirt in self-hosted mode; after the setup ends, wait for the logs to be generated/rotated. Steps to Reproduce: 1. Start self-hosted-engine setup 2. Complete Engine vm creation and finish setup 3. Wait some days then list the /var/log/ovirt-hosted-engine-ha/ log directory Actual results: -rw-rw-rw-. 1 vdsm kvm 9023997 Nov 30 10:12 agent.log -rw-r--r--. 1 root root 12121823 Nov 23 15:12 agent.log.2015-11-22 -rw-rw-rw-. 1 vdsm kvm 11997695 Nov 24 15:12 agent.log.2015-11-23 -rw-rw-rw-. 1 vdsm kvm 11892393 Nov 25 15:12 agent.log.2015-11-24 -rw-rw-rw-. 1 vdsm kvm 11788293 Nov 26 15:12 agent.log.2015-11-25 -rw-rw-rw-. 1 vdsm kvm 11685723 Nov 27 15:12 agent.log.2015-11-26 -rw-rw-rw-. 1 vdsm kvm 11587393 Nov 28 15:12 agent.log.2015-11-27 -rw-rw-rw-. 1 vdsm kvm 11481856 Nov 29 15:12 agent.log.2015-11-28 -rw-rw-rw-. 1 vdsm kvm 7531289 Nov 30 10:12 broker.log -rw-r--r--. 1 root root 6334293 Nov 23 15:12 broker.log.2015-11-22 -rw-rw-rw-. 1 vdsm kvm 6340646 Nov 24 15:12 broker.log.2015-11-23 -rw-rw-rw-. 1 vdsm kvm 6362304 Nov 25 15:12 broker.log.2015-11-24 -rw-rw-rw-. 1 vdsm kvm 8342595 Nov 26 15:12 broker.log.2015-11-25 -rw-rw-rw-. 1 vdsm kvm 9462627 Nov 27 15:12 broker.log.2015-11-26 -rw-rw-rw-. 1 vdsm kvm 9513886 Nov 28 15:12 broker.log.2015-11-27 -rw-rw-rw-. 1 vdsm kvm 9518002 Nov 29 15:12 broker.log.2015-11-28 Expected results: All logs with permissions 644 (-rw-r--r--) and all owned by vdsm:kvm Additional info: Confirmed on users mailing list: http://lists.ovirt.org/pipermail/users/2015-November/036234.html As noted by Simone Tiraboschi in the message above, the severity is low since the parent directory has sufficient permissions to block any unwanted disclosure/modification.
the containing directory of the logs has 0600 so no user can access that. [root@dev-22 ~]# ls -al /var/log/ovirt-hosted-engine-ha/ celkem 152968 drwx------. 2 vdsm kvm 4096 16. pro 08.54 . drwxr-xr-x. 14 root root 4096 14. pro 03.32 .. -rw-rw-rw-. 1 vdsm kvm 319135 16. pro 10.59 agent.log -rw-rw-rw-. 1 vdsm kvm 3587171 10. pro 08.53 agent.log.2015-12-09 -rw-rw-rw-. 1 vdsm kvm 3586078 11. pro 08.53 agent.log.2015-12-10 -rw-rw-rw-. 1 vdsm kvm 3586001 12. pro 08.53 agent.log.2015-12-11 -rw-rw-rw-. 1 vdsm kvm 3586609 13. pro 08.53 agent.log.2015-12-12 -rw-rw-rw-. 1 vdsm kvm 3585823 14. pro 08.53 agent.log.2015-12-13 -rw-rw-rw-. 1 vdsm kvm 3586226 15. pro 08.53 agent.log.2015-12-14 -rw-rw-rw-. 1 vdsm kvm 3637149 16. pro 08.54 agent.log.2015-12-15 -rw-rw-rw-. 1 vdsm kvm 1689971 16. pro 10.59 broker.log -rw-rw-rw-. 1 vdsm kvm 18424523 10. pro 08.48 broker.log.2015-12-09 -rw-rw-rw-. 1 vdsm kvm 18411823 11. pro 08.48 broker.log.2015-12-10 -rw-rw-rw-. 1 vdsm kvm 18381747 12. pro 08.48 broker.log.2015-12-11 -rw-rw-rw-. 1 vdsm kvm 18394032 13. pro 08.48 broker.log.2015-12-12 -rw-rw-rw-. 1 vdsm kvm 18402339 14. pro 08.48 broker.log.2015-12-13 -rw-rw-rw-. 1 vdsm kvm 18406039 15. pro 08.48 broker.log.2015-12-14 -rw-rw-rw-. 1 vdsm kvm 18470255 16. pro 08.48 broker.log.2015-12-15
This bug is marked for z-stream, yet the milestone is for a major version, therefore the milestone has been reset. Please set the correct milestone or drop the z stream flag.
Moving to patch owner.
Verified on ovirt-hosted-engine-ha-2.2.0-0.0.master.20170616124434.20170616124430.git18dac95.el7.centos.noarch All logs have correct permissions: # ll total 620548 -rw-r--r--. 1 vdsm kvm 42195126 Jul 16 13:20 agent.log -rw-r--r--. 1 vdsm kvm 43819703 Jul 8 13:53 agent.log.2017-07-07 -rw-r--r--. 1 vdsm kvm 82848397 Jul 10 11:34 agent.log.2017-07-09 -rw-r--r--. 1 vdsm kvm 44136076 Jul 11 11:34 agent.log.2017-07-10 -rw-r--r--. 1 vdsm kvm 44025500 Jul 12 11:34 agent.log.2017-07-11 -rw-r--r--. 1 vdsm kvm 46349756 Jul 13 14:09 agent.log.2017-07-12 -rw-r--r--. 1 vdsm kvm 44081483 Jul 14 14:09 agent.log.2017-07-13 -rw-r--r--. 1 vdsm kvm 43871293 Jul 15 14:09 agent.log.2017-07-14 -rw-r--r--. 1 vdsm kvm 23042560 Jul 16 13:20 broker.log -rw-r--r--. 1 vdsm kvm 25205005 Jul 8 12:28 broker.log.2017-07-07 -rw-r--r--. 1 vdsm kvm 48691256 Jul 10 11:42 broker.log.2017-07-09 -rw-r--r--. 1 vdsm kvm 25164420 Jul 11 11:42 broker.log.2017-07-10 -rw-r--r--. 1 vdsm kvm 25035386 Jul 12 11:42 broker.log.2017-07-11 -rw-r--r--. 1 vdsm kvm 27139952 Jul 13 15:10 broker.log.2017-07-12 -rw-r--r--. 1 vdsm kvm 25047145 Jul 14 15:11 broker.log.2017-07-13 -rw-r--r--. 1 vdsm kvm 25080459 Jul 15 15:11 broker.log.2017-07-14
This bugzilla is included in oVirt 4.2.0 release, published on Dec 20th 2017. Since the problem described in this bug report should be resolved in oVirt 4.2.0 release, published on Dec 20th 2017, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.