+++ This bug was initially created as a clone of Bug #790334 +++ Description of problem: Tomcat's logrotate.d file needs to set "su root tomcat" to suppress logrotate errors like: error: skipping "/var/log/tomcat6/catalina.out" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Install tomcat 2. Run /etc/cron.daily/logrotate Actual results: Expected results: No errors. Additional info: Patch to fix is: diff --git a/tomcat-7.0.logrotate b/tomcat-7.0.logrotate index a87b4c0..926928a 100644 --- a/tomcat-7.0.logrotate +++ b/tomcat-7.0.logrotate @@ -4,5 +4,6 @@ rotate 52 compress missingok + su root tomcat create 0644 tomcat tomcat } --- Additional comment from Ivan Afonichev on 2012-02-14 11:23:31 CET --- Maybe it's better to set tomcat:root as owner for /var/log/tomcat ? --- Additional comment from Fedora Update System on 2012-03-16 22:22:07 CET --- tomcat-7.0.26-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
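Review bot: the added `su root tomcat` line keeps the rotation running as uid root inside a directory that a non-root group can write to, which is the condition the quoted error warns about. Consider `su tomcat tomcat` instead, so that the rotation runs with the same owner that `create 0644 tomcat tomcat` names and a file planted in the log directory is never acted on with root's privileges. A one-line comment above the directive saying why it is needed would also help whoever edits this file next.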
The problem is either back with tomcat-7.0.32-1.fc17.noarch or was not ever properly fixed.

# logrotate -f /etc/logrotate.d/tomcat
error: skipping "/var/log/tomcat/catalina.out" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
# rpm -qf /etc/logrotate.d/tomcat
tomcat-7.0.32-1.fc17.noarch
# rpm -Vf /etc/logrotate.d/tomcat
SM5....T. c /etc/tomcat/server.xml
SM5....T. c /etc/tomcat/tomcat.conf
S.5..U.T. c /etc/tomcat/web.xml
.....U... /var/lib/tomcat/webapps
S.5....T. /var/log/tomcat/catalina.out
# cat /etc/logrotate.d/tomcat
/var/log/tomcat/catalina.out {
    copytruncate
    weekly
    rotate 52
    compress
    missingok
    create 0644 tomcat tomcat
}
# ls -lad /var/log/tomcat
drwxrwx---. 2 root tomcat 4096 Dec 6 15:58 /var/log/tomcat

The original proposal was either to do su (which I consider the best one) or to do tomcat:root ownership. But it is root:tomcat. And logrotate-3.8.1-3.fc17.i686 is not happy.
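An added example, not part of this bug report and not logrotate's own code: a small audit that models the condition quoted in the error message (parent directory world writable, or writable by a group other than root) and reports stanzas that lack a `su` directive. The function names, the simplified stanza grammar and the stubbed stat result (gid 91 for tomcat) are assumptions made for the illustration.

```python
import os
import re
import stat
from types import SimpleNamespace

def parent_is_insecure(mode, gid):
    """World writable, or group writable by a group other than root (gid 0)."""
    return bool(mode & stat.S_IWOTH) or bool(mode & stat.S_IWGRP and gid != 0)

def parse_stanzas(text):
    """Map each log path to the directives in its { ... } block (simplified grammar)."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)  # drop comment lines
    stanzas = {}
    for paths, body in re.findall(r"([^{}]+)\{([^{}]*)\}", text):
        directives = [ln.split() for ln in body.splitlines() if ln.strip()]
        for path in paths.split():
            stanzas[path] = directives
    return stanzas

def audit(text, stat_dir=os.stat):
    """Return log paths that would be skipped: insecure parent and no 'su'."""
    skipped = []
    for path, directives in parse_stanzas(text).items():
        st = stat_dir(os.path.dirname(path))
        has_su = any(d[0] == "su" for d in directives)
        if parent_is_insecure(st.st_mode, st.st_gid) and not has_su:
            skipped.append(path)
    return skipped

# Stanza as shown in the report, and the same stanza with the proposed directive.
BEFORE = """/var/log/tomcat/catalina.out {
    copytruncate
    weekly
    rotate 52
    compress
    missingok
    create 0644 tomcat tomcat
}
"""
AFTER = BEFORE.replace("missingok\n", "missingok\n    su root tomcat\n")

def fake_stat(_path):
    # Constructed stand-in for os.stat(): drwxrwx--- root:tomcat; gid 91 is assumed.
    return SimpleNamespace(st_mode=0o040770, st_uid=0, st_gid=91)

if __name__ == "__main__":
    print("before:", audit(BEFORE, fake_stat))
    print("after: ", audit(AFTER, fake_stat))
```

Calling `audit(text)` without the stub uses `os.stat` on the real parent directories, so it can be pointed at the contents of a file under /etc/logrotate.d.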
tomcat-7.0.33-2.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/tomcat-7.0.33-2.fc17
Package tomcat-7.0.33-2.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing tomcat-7.0.33-2.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-20025/tomcat-7.0.33-2.fc17
then log in and leave karma (feedback).
tomcat-7.0.33-2.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/tomcat-7.0.33-2.fc18
tomcat-7.0.33-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/tomcat-7.0.33-1.fc16
tomcat-7.0.33-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
tomcat-7.0.33-2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
tomcat-7.0.33-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.