+++ This bug was initially created as a clone of Bug #1329573 +++ Description of problem: The fix for BZ1310173 introduced in: * Thu Mar 10 2016 Alex Wood <awood> 0.9.49.12-1 - removing initialization of pool.entitlements (fnguyen) - Introducing batching to CRL job to workaround Postgres IN clause limit (fnguyen) - 1310173: Backport logrotate config entry (wpoteat) - Mass Pool lock (fnguyen) Causes logrotate failures under RHEL6.7 to be reported through Cron: ------- From: Anacron [root.hilti.com] Sent: Mittwoch, 20. April 2016 05:49 To: root.hilti.com Subject: Anacron job 'cron.daily' on li-lc-1578 /etc/cron.daily/logrotate: error: candlepin:2 unknown option 'su' -- ignoring line error: candlepin:2 unexpected text ------- vrempet@li-lc-1578 ~ $ cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.7 (Santiago) vrempet@li-lc-1578 ~ $ rpm -qf /etc/logrotate.d/candlepin candlepin-0.9.49.12-1.el6.noarch Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Install candlepin-0.9.49.12-1.el6.noarch on RHEL6.7 2. Exeute: $ sudo logrotate /etc/logrotate.conf error: candlepin:2 unknown option 'su' -- ignoring line error: candlepin:2 unexpected text 3. Actual results: Error Expected results: Success Additional info: --- Additional comment from Peter Vreman on 2016-04-22 05:43:37 EDT --- RHEL6.7 provides: vrempet@li-lc-1578 ~ $ rpm -q logrotate logrotate-3.7.8-26.el6_7.x86_64 The used 'su' command is only introduced in 3.8.0 of logrotate: 3.7.9 -> 3.8.0 - added "dateyesterday" option (see man page) - fixed crash when config file had exactly 4096*N bytes - added WITH_ACL make option to link against -lacl and preserve ACLs during rotation - added "su" option to define user/group for rotation. Logrotate now skips directories which are world writable or writable by group which is not "root" unless "su" directive is used. - fixed CVE-2011-1098: race condition by creation of new files - fixed possible shell injection when using "shred" directive (CVE-2011-1154) - fixed escaping of file names within 'write state' action (CVE-2011-1155) - better 'size' directive description - fixed possible buffer-overflow when reading config files - NetBSD/FreeBSD compilation fixes - Solaris compilation fixes