[Touch-packages] [Bug 1748147] [NEW] Upgrading systemd sets incorrect permissions on /var/log/

Nick Groenen Thu, 08 Feb 2018 02:20:52 -0800

Public bug reported:

Upgrading or reinstalling the systemd package when using rsyslogd
results in bad permissions (0755 instead of 0775) being set on
/var/log/. As a consequence of this, rsyslogd can no longer create new
files within this directory, resulting in lost log messages.


The default configuration of rsyslogd provided by Ubuntu runs the daemon
as syslog:syslog and sets ownership of /var/log to syslog:adm with mode
0775.

Systemd's default tmpfiles configuration sets /var/log to 0755 in
/usr/lib/tmpfiles.d/var.conf, however this is overridden in
/usr/lib/tmpfiles.d/00rsyslog.conf which is provided by package rsyslog.

It looks as though an upgrade of the systemd package fails to take
/usr/lib/tmpfiles.d/00rsyslog.conf into account, as demonstrated below.
This results in /var/log receiving mode 0755 instead of the expected
0775:


nick @ log2.be1.ams1:~ $ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.3 LTS
Release:        16.04
Codename:       xenial

nick @ log2.be1.ams1:~ $ apt policy systemd
systemd:
  Installed: 229-4ubuntu21.1
  Candidate: 229-4ubuntu21.1
  Version table:
 *** 229-4ubuntu21.1 500
        500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 
Packages
        100 /var/lib/dpkg/status
     229-4ubuntu4 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages

nick @ log2.be1.ams1:~ $ apt policy rsyslog
rsyslog:
  Installed: 8.16.0-1ubuntu3
  Candidate: 8.16.0-1ubuntu3
  Version table:
 *** 8.16.0-1ubuntu3 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        100 /var/lib/dpkg/status

nick @ log2.be1.ams1:~ $ grep -F /var/log /usr/lib/tmpfiles.d/var.conf
d /var/log 0755 - - -
f /var/log/wtmp 0664 root utmp -
f /var/log/btmp 0600 root utmp -

nick @ log2.be1.ams1:~ $ cat /usr/lib/tmpfiles.d/00rsyslog.conf
# Override systemd's default tmpfiles.d/var.conf to make /var/log writable by
# the syslog group, so that rsyslog can run as user.
# See tmpfiles.d(5) for details.

# Type Path    Mode UID  GID  Age Argument
d /var/log 0775 root syslog -

nick @ log2.be1.ams1:~ $ ls -ld /var/log
drwxrwxr-x 8 root syslog 4096 Feb  7 13:45 /var/log

nick @ log2.be1.ams1:~ $ sudo apt install --reinstall systemd
Reading package lists... Done
Building dependency tree       
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 7 not upgraded.
Need to get 3,634 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 systemd amd64 
229-4ubuntu21.1 [3,634 kB]
Fetched 3,634 kB in 0s (24.3 MB/s)
(Reading database ... 86614 files and directories currently installed.)
Preparing to unpack .../systemd_229-4ubuntu21.1_amd64.deb ...
Unpacking systemd (229-4ubuntu21.1) over (229-4ubuntu21.1) ...
Processing triggers for dbus (1.10.6-1ubuntu3.3) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up systemd (229-4ubuntu21.1) ...
addgroup: The group `systemd-journal' already exists as a system group. Exiting.

nick @ log2.be1.ams1:~ $ ls -ld /var/log
drwxr-xr-x 8 root syslog 4096 Feb  7 13:45 /var/log

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1748147

Title:
  Upgrading systemd sets incorrect permissions on /var/log/

Status in systemd package in Ubuntu:
  New

Bug description:
  Upgrading or reinstalling the systemd package when using rsyslogd
  results in bad permissions (0755 instead of 0775) being set on
  /var/log/. As a consequence of this, rsyslogd can no longer create new
  files within this directory, resulting in lost log messages.

  The default configuration of rsyslogd provided by Ubuntu runs the
  daemon as syslog:syslog and sets ownership of /var/log to syslog:adm
  with mode 0775.

  Systemd's default tmpfiles configuration sets /var/log to 0755 in
  /usr/lib/tmpfiles.d/var.conf, however this is overridden in
  /usr/lib/tmpfiles.d/00rsyslog.conf which is provided by package
  rsyslog.

  It looks as though an upgrade of the systemd package fails to take
  /usr/lib/tmpfiles.d/00rsyslog.conf into account, as demonstrated
  below. This results in /var/log receiving mode 0755 instead of the
  expected 0775:

  
  nick @ log2.be1.ams1:~ $ lsb_release -a
  No LSB modules are available.
  Distributor ID:       Ubuntu
  Description:  Ubuntu 16.04.3 LTS
  Release:      16.04
  Codename:     xenial

  nick @ log2.be1.ams1:~ $ apt policy systemd
  systemd:
    Installed: 229-4ubuntu21.1
    Candidate: 229-4ubuntu21.1
    Version table:
   *** 229-4ubuntu21.1 500
          500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 
Packages
          500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 
Packages
          100 /var/lib/dpkg/status
       229-4ubuntu4 500
          500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages

  nick @ log2.be1.ams1:~ $ apt policy rsyslog
  rsyslog:
    Installed: 8.16.0-1ubuntu3
    Candidate: 8.16.0-1ubuntu3
    Version table:
   *** 8.16.0-1ubuntu3 500
          500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
          100 /var/lib/dpkg/status

  nick @ log2.be1.ams1:~ $ grep -F /var/log /usr/lib/tmpfiles.d/var.conf
  d /var/log 0755 - - -
  f /var/log/wtmp 0664 root utmp -
  f /var/log/btmp 0600 root utmp -

  nick @ log2.be1.ams1:~ $ cat /usr/lib/tmpfiles.d/00rsyslog.conf
  # Override systemd's default tmpfiles.d/var.conf to make /var/log writable by
  # the syslog group, so that rsyslog can run as user.
  # See tmpfiles.d(5) for details.

  # Type Path    Mode UID  GID  Age Argument
  d /var/log 0775 root syslog -

  nick @ log2.be1.ams1:~ $ ls -ld /var/log
  drwxrwxr-x 8 root syslog 4096 Feb  7 13:45 /var/log

  nick @ log2.be1.ams1:~ $ sudo apt install --reinstall systemd
  Reading package lists... Done
  Building dependency tree       
  Reading state information... Done
  0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 7 not upgraded.
  Need to get 3,634 kB of archives.
  After this operation, 0 B of additional disk space will be used.
  Get:1 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 systemd 
amd64 229-4ubuntu21.1 [3,634 kB]
  Fetched 3,634 kB in 0s (24.3 MB/s)
  (Reading database ... 86614 files and directories currently installed.)
  Preparing to unpack .../systemd_229-4ubuntu21.1_amd64.deb ...
  Unpacking systemd (229-4ubuntu21.1) over (229-4ubuntu21.1) ...
  Processing triggers for dbus (1.10.6-1ubuntu3.3) ...
  Processing triggers for ureadahead (0.100.0-19) ...
  Processing triggers for man-db (2.7.5-1) ...
  Setting up systemd (229-4ubuntu21.1) ...
  addgroup: The group `systemd-journal' already exists as a system group. 
Exiting.

  nick @ log2.be1.ams1:~ $ ls -ld /var/log
  drwxr-xr-x 8 root syslog 4096 Feb  7 13:45 /var/log

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1748147/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1748147] [NEW] Upgrading systemd sets incorrect permissions on /var/log/

Reply via email to