Bug 583489 - Log rotation permissions wrong
Summary: Log rotation permissions wrong
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: squid
Version: 13
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Jiri Skala
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-04-18 19:55 UTC by Trever Adams
Modified: 2014-11-09 22:32 UTC (History)
6 users (show)

Fixed In Version: squid-3.1.1-4.fc13
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-05-04 23:53:40 UTC
Type: ---


Attachments (Terms of Use)

Description Trever Adams 2010-04-18 19:55:44 UTC
Description of problem:
On April 2nd there were releases to squid and logrotate. One of these, or both, was broken. Now, every Sunday on logrotate permissions for the logs gets set to root.adm instead of squid.squid which causes squid to shut down and/or crash.

Version-Release number of selected component (if applicable):
logrotate-3.7.8-7.fc13.i686
7:squid-3.1.1-2.fc13.i686

How reproducible:
Every Sunday

Steps to Reproduce:
1. Install Squid
2. Use Squid
3. Sunday
4. Squid is gone

Comment 1 Henrik Nordström 2010-04-18 21:41:24 UTC
Strange. The logrotate definition for squid have not changed in ages.

What is the create directive set to in your /etc/logrotate.conf? The squid logrotate scripts assumes the default is just "create" with no user or mode specified (means mode & owner will be inherited from old log) and will break if the system default setting is changed to force root owner. 

A simple fix is adding the 

   nocreate

directive to /etc/logrotate.d/squid as Squid will automatically create the logfiles when reopening them.

Comment 2 Henrik Nordström 2010-04-18 21:46:41 UTC
Note: The default "create" is intentional for Squid to keep any permission or group changes made to the log files. Using nocreate will make the permissions reset to Squid default on each rotate.

Comment 3 Ondrej Vasik 2010-04-18 22:40:43 UTC
Probably caused by change for https://bugzilla.redhat.com/show_bug.cgi?id=489038 , added logrotate maintainer to cc.

Comment 4 Trever Adams 2010-04-19 07:22:51 UTC
create 0640 root adm

Yes, it does appear to have been caused by changes from that bugreport. I am not sure what the correct solution is, but as is things do NOT work.

As you mentioned in that bug report, you are fine with adding nocreate to /etc/logrotate.d/squid. Unless a good reason shows up for not doing this, can you do so?

Comment 5 Trever Adams 2010-04-19 07:23:12 UTC
create 0640 root adm

Yes, it does appear to have been caused by changes from that bugreport. I am not sure what the correct solution is, but as is things do NOT work.

As you mentioned in that bug report, you are fine with adding nocreate to /etc/logrotate.d/squid. Unless a good reason shows up for not doing this, can you do so?

Thank you very much.

Comment 6 Fedora Update System 2010-04-19 20:06:45 UTC
squid-3.1.1-4.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/squid-3.1.1-4.fc13

Comment 7 Fedora Update System 2010-04-21 02:24:57 UTC
squid-3.1.1-4.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update squid'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/squid-3.1.1-4.fc13

Comment 8 Trever Adams 2010-04-27 13:30:43 UTC
I believe this has been fixed. Please, leave it open until next Monday, just in case.

Comment 9 Trever Adams 2010-05-03 18:42:21 UTC
It is indeed fixed. Squid is still running, no restarts, no reboot. Thank you very much. You can close this as soon as QA is finished (since I am not sure what is involved there).

Comment 10 Fedora Update System 2010-05-04 23:53:35 UTC
squid-3.1.1-4.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.