751525 – Logrotate fails with permissions error following upgrade.

Bug 751525 - Logrotate fails with permissions error following upgrade.

Summary: Logrotate fails with permissions error following upgrade.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	tor
Sub Component:
Version:	16
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Enrico Scholz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	755060 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-11-05 07:29 UTC by TR Bentley
Modified:	2012-01-11 06:15 UTC (History)
CC List:	10 users (show)
Fixed In Version:	tor-0.2.2.35-1601.fc16
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-01-11 06:15:25 UTC
Type:	---
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description TR Bentley 2011-11-05 07:29:58 UTC

Description of problem:
Logrotate fails with permissions error

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.Upgrade from F15 to f16 using pre upgrade
2.
3.
  
Actual results:
email with 
/etc/cron.daily/logrotate:

error: skipping "/var/log/tor/*.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.


Expected results:
No email and log rotate works 



Additional info:

Comment 1 Jan Kaluža 2011-11-07 09:41:16 UTC

Logrotate config of Tor has to be updated to fix this issue or the permissions of /var/log/tor directory has to be changed.

This is needed, otherwise there's possible security hole when user in "toranon" group can theoretically email/truncate files owned by by other users using hardlinks even when he doesn't have permissions to do so.

There are two ways how to fix it:

1) Add "su" directive to logrotate config file to let logrotate know which user/group should it use for rotation instead of root:root :

su toranon toranon

2) Change /var/log/tor permissions to pass the check mentioned in error in Comment 1.

Comment 2 TR Bentley 2011-11-08 18:19:17 UTC

Solution fixed problem

Comment 3 Sarantis Paskalis 2011-11-17 08:11:57 UTC

Reopening (it is not fixed in the tor package yet)

Solution #2 would create problems in creating logfiles after rotating.  See also
https://qa.mandriva.com/show_bug.cgi?id=58489

Solution #1 should be the preferred one.
Please update /etc/logrotated.d/tor in tor-core rpm to silence logrotate.

Thanks

Comment 4 Benjamin Lewis 2011-11-29 15:02:17 UTC

*** Bug 755060 has been marked as a duplicate of this bug. ***

Comment 5 Fedora Update System 2011-12-19 09:22:43 UTC

tor-0.2.2.35-1601.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/tor-0.2.2.35-1601.fc16

Comment 6 Fedora Update System 2011-12-21 17:02:51 UTC

Package tor-0.2.2.35-1601.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing tor-0.2.2.35-1601.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2011-17248/tor-0.2.2.35-1601.fc16
then log in and leave karma (feedback).

Comment 7 Fedora Update System 2012-01-11 06:15:25 UTC

tor-0.2.2.35-1601.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.