Bug 1894344 - Permissions in /etc/logrotate.d/dnf do not match the rpm permissions
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: dnf
Version: 8.2
Hardware: x86_64
OS: Linux
low
high
Target Milestone: rc
: 8.0
Assignee: amatej
QA Contact: Eva Mrakova
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2020-11-04 05:07 UTC by Ravindra Patil
Modified: 2024-10-01 17:01 UTC (History)

Fixed In Version: dnf-4.4.2-9.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-05-18 15:01:28 UTC
Type: Bug
Target Upstream Version:
Embargoed:
pm-rhel: mirror+



Description Ravindra Patil 2020-11-04 05:07:05 UTC
Description of problem:

Version-Release number of selected component (if applicable):
The permissions of the /var/log/dnf.librepo.log & /var/log/hawkey.log files in dnf-data-4.2.17-7.el8_2.noarch are 0644, but the /etc/logrotate.d/dnf file resets the permissions to 0600.

The permissions should be consistent, 644 and not 600.

$ rpm -qlv dnf-data-4.2.17-7.el8_2.noarch | egrep '/var/log/hawkey.log|/var/log/dnf.librepo.log'
-rw-r--r--    1 root    root                        0 May  7 12:34 /var/log/dnf.librepo.log
-rw-r--r--    1 root    root                        0 May  7 12:34 /var/log/hawkey.log


$ cat /etc/logrotate.d/dnf
/var/log/dnf.librepo.log {
    missingok
    notifempty
    rotate 4
    weekly
    create 0600 root root
}


/var/log/hawkey.log {
    missingok
    notifempty
    rotate 4
    weekly
    create 0600 root root
}

How reproducible:
- Install the package
- Let the logrotation happen on /var/log/dnf.librepo.log and /var/log/hawkey.log
- Check new files created after log rotation. 

Steps to Reproduce:
1. Install the package
2. Let the log files rotate
3. Check permissions on newly created files after log rotation

Actual results:
Permission of newly created files is 600

Expected results:
Permission on newly created files should be 644

Additional info:

Suggested to change permissions in configuration files manually to 644
$ vi /etc/logrotate.d/dnf
/var/log/dnf.librepo.log {
    missingok
    notifempty
    rotate 4
    weekly
    create 0644 root root
}


/var/log/hawkey.log {
    missingok
    notifempty
    rotate 4
    weekly
    create 0644 root root
}

But the customer wants to change the default rpm installation to have 644 permissions.
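
An audit check for the mismatch reported above, as an added example that is not part of the original bug report or of dnf: it compares the modes recorded in `rpm -qlv` output with the `create` mode of each logrotate stanza. The sample input is taken from the report (the logrotate stanzas are abridged), and the function names are illustrative.

```python
import re

# Sample input from the bug report above (logrotate stanzas abridged).
RPM_QLV = """\
-rw-r--r--    1 root    root    0 May  7 12:34 /var/log/dnf.librepo.log
-rw-r--r--    1 root    root    0 May  7 12:34 /var/log/hawkey.log
"""
LOGROTATE_CONF = """\
/var/log/dnf.librepo.log {
    rotate 4
    weekly
    create 0600 root root
}

/var/log/hawkey.log {
    rotate 4
    weekly
    create 0600 root root
}
"""

def symbolic_to_mode(perms):
    """Convert an ls-style string such as '-rw-r--r--' to rwx bits (setuid/sticky ignored)."""
    return sum(1 << (8 - i) for i, ch in enumerate(perms[1:10]) if ch in "rwxst")

def rpm_modes(qlv_output):
    """Map path -> packaged mode from `rpm -qlv` lines (mode is first field, path last)."""
    rows = (line.split() for line in qlv_output.splitlines())
    return {f[-1]: symbolic_to_mode(f[0]) for f in rows if len(f) >= 9 and f[-1].startswith("/")}

def logrotate_create_modes(conf):
    """Map each path on a stanza's opening line to that stanza's `create` mode."""
    modes = {}
    for paths, body in re.findall(r"^([^\n{#]+)\{(.*?)^\}", conf, re.S | re.M):
        m = re.search(r"^\s*create\s+([0-7]{3,4})\b", body, re.M)
        for path in paths.split() if m else ():
            modes[path] = int(m.group(1), 8)
    return modes

def mismatches(qlv_output, conf):
    """Return (path, packaged_mode, rotated_mode) for paths whose two modes differ."""
    packaged, rotated = rpm_modes(qlv_output), logrotate_create_modes(conf)
    return [(p, packaged[p], rotated[p])
            for p in sorted(packaged.keys() & rotated.keys()) if packaged[p] != rotated[p]]

if __name__ == "__main__":
    for path, pkg, rot in mismatches(RPM_QLV, LOGROTATE_CONF):
        print(f"{path}: rpm {pkg:04o}, logrotate create {rot:04o}")
```

The same comparison also catches drift in the other direction, where a logrotate `create` mode is looser than the packaged one.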

Comment 1 amatej 2020-11-24 14:21:01 UTC
PR: https://github.com/rpm-software-management/dnf/pull/1693

It changes permissions only for hawkey.log because all other logs are handled by Python's logrotate since https://github.com/rpm-software-management/dnf/pull/1394, and it handles the permissions correctly.

Comment 13 errata-xmlrpc 2021-05-18 15:01:28 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (dnf bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1657

