Your message dated Sat, 22 Feb 2014 12:09:46 +0000
with message-id <[email protected]>
and subject line Re: Bug#739740: logrotate: Erroneous error messages when 
/var/log is tmpfs
has caused the Debian Bug report #739740,
regarding logrotate: Erroneous error messages when /var/log is tmpfs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
739740: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739740
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: logrotate
Version: 3.8.1-4
Severity: important

Dear Maintainer,

when running logrotate on a system that uses tmpfs for /var/log, logrotate
creates erroneous error messages of the following form:

error: skipping "/var/log/cron.log" because parent directory has insecure 
permissions (It's world writable or writable by group which is not "root") Set 
"su" directive in config file to tell logrotate which user/group should be used 
for rotation.

The access rights of /var/log are 755 and it is owned by root:root. The error 
disapears when I comment out the tmpfs line for /var/log in /etc/fstab.

Best regards,
Reiner Buehl

-- Package-specific info:
Contents of /etc/logrotate.d
total 36
-rw-r--r-- 1 root root 173 Dec 24  2012 apt
-rw-r--r-- 1 root root  79 Nov 17  2012 aptitude
-rw-r--r-- 1 root root 135 Aug 11  2012 consolekit
-rw-r--r-- 1 root root 248 Oct 13 07:35 cups
-rw-r--r-- 1 root root 232 Oct 31  2012 dpkg
-rw-r--r-- 1 root root 419 Mar 18  2013 lighttpd
-rw-r--r-- 1 root root  67 Jul  9  2011 rsnapshot
-rw-r--r-- 1 root root 515 Oct  9  2012 rsyslog
-rw-r--r-- 1 root root 115 Jan 21  2013 unattended-upgrades


-- System Information:
Debian Release: 7.2
Architecture: armhf (armv6l)

Kernel: Linux 3.10.30+ (PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages logrotate depends on:
ii  base-passwd         3.5.26
ii  cron [cron-daemon]  3.0pl1-124
ii  libc6               2.13-38+rpi2
ii  libpopt0            1.16-7
ii  libselinux1         2.1.9-5

Versions of packages logrotate recommends:
ii  bsd-mailx [mailx]  8.1.2-0.20111106cvs-1

logrotate suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message ---
On Sat, Feb 22, 2014 at 08:35:51AM +0100, Reiner Buehl wrote:

> error: skipping "/var/log/cron.log" because parent directory has insecure 
> permissions (It's world writable or writable by group which is not "root") 
> Set "su" directive in config file to tell logrotate which user/group should 
> be used for rotation.

This is correct and secure behaviour.  It prevents a possible symlink
attack by a hostile.  The /var/log directory should not have either
0777 or 01777 permissions.

I suggest you mount your /var/log tmpfs with the mode=0755 option.

-- 
Paul Martin <[email protected]>

--- End Message ---

Reply via email to