Bug 146597 - httpd logs not rotating
Summary: httpd logs not rotating
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: logrotate
Version: 3
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Peter Vrabec
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-01-30 09:10 UTC by Stephan Borg
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

(edit)
Clone Of:
(edit)
Last Closed: 2005-02-11 10:18:52 UTC


Attachments (Terms of Use)
State prior to logrotation error (34.50 KB, application/x-gzip-compressed)
2005-01-31 21:11 UTC, Stephan Borg
no flags Details
Debug output from logrotate (20.03 KB, text/plain)
2005-02-08 11:17 UTC, Stephan Borg
no flags Details
modified logrotate (66.18 KB, application/octet-stream)
2005-02-09 14:31 UTC, Peter Vrabec
no flags Details
Output of verbose logrotate (23.91 KB, text/plain)
2005-02-09 21:12 UTC, Stephan Borg
no flags Details

Description Stephan Borg 2005-01-30 09:10:29 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7)
Gecko/20040808 Firefox/0.9.3

Description of problem:
During httpd log rotation, get the following error:
error: error running shared postrotate script for /var/log/httpd/*log

Version-Release number of selected component (if applicable):
logrotate-3.7.1-2

How reproducible:
Always

Steps to Reproduce:
1.logrotate /etc/logrotate.conf
    

Actual Results:  error: error running shared postrotate script for
/var/log/httpd/*log

Expected Results:  No errors

Additional info:

To fix the problem, I have changed the first line in
/etc/logrotate.d/httpd to:

/var/log/httpd/*.log {

Problem no longer occurs.

Comment 1 Stephan Borg 2005-01-30 09:13:56 UTC
Sorry, just realised that *.log is not going to find any logs in
/var/log/httpd/

Changed to *_log and appears not to get an error now - not sure if its
working - will find out next week.

Comment 2 Peter Vrabec 2005-01-31 14:59:06 UTC
I can't reproduce it.

Send me content of your
/etc/logrotate.d/httpd, /etc/logrotate.conf
and
verbose output from logrotate


Comment 3 Stephan Borg 2005-01-31 21:11:17 UTC
Created attachment 110460 [details]
State prior to logrotation error

I tried to create the state prior to the error - and the last line of
logrotate.txt shows verbose out of the error occurring.

The only difference I found, is that logrotate would always show this error
when executed repeatedly.

Three points I should mention:
1 - I have SELinux enabled, not sure how this affects log rotation.
2 - I have custom httpd scripts, whose naming convention maybe causing the
error.
3 - When the logrotate error occurs, it appears that all logs are rotated, but
services such as httpd and syslogd are not restarted correctly. This was how I
noticed the error in the first place.

Comment 4 Peter Vrabec 2005-02-01 10:53:09 UTC
I still can't reproduce it even with your logrotate.conf, httpd and logs.

Could u send me your debug output(logrotate -d).
Which root shell do u use?
What did u mean by "logrotate would always show this error
when executed repeatedly".

Comment 5 Stephan Borg 2005-02-01 11:07:13 UTC
I use bash shell.

I can't reproduce the error consistently now either.

After I applied the first work around - the error disappeared and I've
only got it to come back once since then.

Whereas, prior to the work around - everytime I ran logrotate, it
would give me 'error running shared postrotate script for
/var/log/httpd/*log' and not restart any services.

If you wish, we can close off this bug - and if it reoccurs, I won't
touch it and log another bug.

Comment 6 Stephan Borg 2005-02-08 11:17:31 UTC
Created attachment 110789 [details]
Debug output from logrotate

Problem reoccured this week during cron log rotation. Have attached debug
logrotate output as requested. Will leave in broken state should you require
further testing.

Comment 7 Peter Vrabec 2005-02-09 14:31:56 UTC
Created attachment 110869 [details]
modified logrotate

Try reproduce the bug with this modified(added more verbose messages)
logrotate. 

need output of this
# ./logrotate -v -f /etc/logrotate.conf

Comment 8 Stephan Borg 2005-02-09 21:12:28 UTC
Created attachment 110894 [details]
Output of verbose logrotate

As requested.

Comment 9 Peter Vrabec 2005-02-10 14:33:33 UTC
Logrotate fail to execlp temporary file from /tmp.

I think SELinux cause your problem, try to disable it, or allow
logrotate to exec files from /tmp


Comment 10 Daniel Walsh 2005-02-10 14:43:28 UTC
Please do not disable SELinux.  You can turn SELinux into permissive
mode by setenforce 0, or changing the /etc/selinux/config file.
logrotate should be running with full privs in a targeted system.  Are
you seeing any AVC messages in the /var/log/messages file?  

Dan

Comment 11 Stephan Borg 2005-02-10 22:20:03 UTC
OK - discovered what it was.

I have mounted my /tmp parition with the noexec attribute - apparently
this was causing all the trouble.

Not sure what the right way forward is from here - should executable
scripts be allowed from within /tmp ?



Comment 12 Peter Vrabec 2005-02-11 10:18:52 UTC
I think, it is not so secure to allow execute scripts from /tmp.
I don't know SELinux enought but it may be right thing to limit this.

Comment 13 Stephan Borg 2005-02-11 12:05:29 UTC
To be honest, I don't believe this to be an SELinux problem, but rather a
logrotate problem. I guess someone with intimiate knowledge of logrotate can
confirm.

Comment 14 Colin Walters 2005-02-11 15:21:20 UTC
Mounting /tmp with noexec is like locking up your bike with a string.
 It might slow down an attacker for a second or two at most.  Don't
bother; it's not worth the breakage it can cause for legitimate
applications.



Note You need to log in before you can comment on or make changes to this bug.