Bug 883806 - tomcat-7.0.logrotate should specify "su root tomcat"
Summary: tomcat-7.0.logrotate should specify "su root tomcat"
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: tomcat
Version: 17
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Ivan Afonichev
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 790334
Blocks: 876987
TreeView+ depends on / blocked
 
Reported: 2012-12-05 11:15 UTC by Jan Pazdziora
Modified: 2013-01-11 23:42 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 790334
Environment:
Last Closed: 2012-12-19 08:28:23 UTC
Type: ---


Attachments (Terms of Use)

Description Jan Pazdziora 2012-12-05 11:15:57 UTC
+++ This bug was initially created as a clone of Bug #790334 +++

Description of problem:
Tomcat's logrotate.d file needs to set "su root tomcat" to suppress logrotate errors like:

error: skipping "/var/log/tomcat6/catalina.out" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.


Version-Release number of selected component (if applicable):


How reproducible:

Always


Steps to Reproduce:

1. Install tomcat
2. Run /etc/cron.daily/logrotate

  
Actual results:


Expected results:

No errors.


Additional info:

Patch to fix is:

diff --git a/tomcat-7.0.logrotate b/tomcat-7.0.logrotate
index a87b4c0..926928a 100644
--- a/tomcat-7.0.logrotate
+++ b/tomcat-7.0.logrotate
@@ -4,5 +4,6 @@
     rotate 52
     compress
     missingok
+    su root tomcat
     create 0644 tomcat tomcat
 }

--- Additional comment from Ivan Afonichev on 2012-02-14 11:23:31 CET ---

Maybe it's better to set
tomcat:root as owner for /var/log/tomcat ?

--- Additional comment from Fedora Update System on 2012-03-16 22:22:07 CET ---

tomcat-7.0.26-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 1 Jan Pazdziora 2012-12-05 11:18:17 UTC
The problem is either back with tomcat-7.0.32-1.fc17.noarch or was not ever properly fixed.

# logrotate -f /etc/logrotate.d/tomcat 
error: skipping "/var/log/tomcat/catalina.out" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
# rpm -qf /etc/logrotate.d/tomcat 
tomcat-7.0.32-1.fc17.noarch
# rpm -Vf /etc/logrotate.d/tomcat 
SM5....T.  c /etc/tomcat/server.xml
SM5....T.  c /etc/tomcat/tomcat.conf
S.5..U.T.  c /etc/tomcat/web.xml
.....U...    /var/lib/tomcat/webapps
S.5....T.    /var/log/tomcat/catalina.out
# cat /etc/logrotate.d/tomcat 
/var/log/tomcat/catalina.out {
    copytruncate
    weekly
    rotate 52
    compress
    missingok
    create 0644 tomcat tomcat
}
# ls -lad /var/log/tomcat
drwxrwx---. 2 root tomcat 4096 Dec  6 15:58 /var/log/tomcat

The original proposal was either to do su (which I consider the best one) or to do tomcat:root ownership. But it is root:tomcat. And logrotate-3.8.1-3.fc17.i686 is not happy.

Comment 2 Fedora Update System 2012-12-07 13:27:47 UTC
tomcat-7.0.33-2.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/tomcat-7.0.33-2.fc17

Comment 3 Fedora Update System 2012-12-09 06:02:27 UTC
Package tomcat-7.0.33-2.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing tomcat-7.0.33-2.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-20025/tomcat-7.0.33-2.fc17
then log in and leave karma (feedback).

Comment 4 Fedora Update System 2012-12-09 21:39:54 UTC
tomcat-7.0.33-2.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/tomcat-7.0.33-2.fc18

Comment 5 Fedora Update System 2012-12-09 22:00:48 UTC
tomcat-7.0.33-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/tomcat-7.0.33-1.fc16

Comment 6 Fedora Update System 2012-12-19 08:28:26 UTC
tomcat-7.0.33-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2012-12-19 08:41:53 UTC
tomcat-7.0.33-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2013-01-11 23:42:20 UTC
tomcat-7.0.33-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.