Your message dated Sat, 22 Feb 2014 12:09:46 +0000
with message-id <[email protected]>
and subject line Re: Bug#739740: logrotate: Erroneous error messages when
/var/log is tmpfs
has caused the Debian Bug report #739740,
regarding logrotate: Erroneous error messages when /var/log is tmpfs
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
739740: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739740
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: logrotate
Version: 3.8.1-4
Severity: important
Dear Maintainer,
when running logrotate on a system that uses tmpfs for /var/log, logrotate
creates erroneous error messages of the following form:
error: skipping "/var/log/cron.log" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set
"su" directive in config file to tell logrotate which user/group should be used
for rotation.
The access rights of /var/log are 755 and it is owned by root:root. The error
disapears when I comment out the tmpfs line for /var/log in /etc/fstab.
Best regards,
Reiner Buehl
-- Package-specific info:
Contents of /etc/logrotate.d
total 36
-rw-r--r-- 1 root root 173 Dec 24 2012 apt
-rw-r--r-- 1 root root 79 Nov 17 2012 aptitude
-rw-r--r-- 1 root root 135 Aug 11 2012 consolekit
-rw-r--r-- 1 root root 248 Oct 13 07:35 cups
-rw-r--r-- 1 root root 232 Oct 31 2012 dpkg
-rw-r--r-- 1 root root 419 Mar 18 2013 lighttpd
-rw-r--r-- 1 root root 67 Jul 9 2011 rsnapshot
-rw-r--r-- 1 root root 515 Oct 9 2012 rsyslog
-rw-r--r-- 1 root root 115 Jan 21 2013 unattended-upgrades
-- System Information:
Debian Release: 7.2
Architecture: armhf (armv6l)
Kernel: Linux 3.10.30+ (PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages logrotate depends on:
ii base-passwd 3.5.26
ii cron [cron-daemon] 3.0pl1-124
ii libc6 2.13-38+rpi2
ii libpopt0 1.16-7
ii libselinux1 2.1.9-5
Versions of packages logrotate recommends:
ii bsd-mailx [mailx] 8.1.2-0.20111106cvs-1
logrotate suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
On Sat, Feb 22, 2014 at 08:35:51AM +0100, Reiner Buehl wrote:
> error: skipping "/var/log/cron.log" because parent directory has insecure
> permissions (It's world writable or writable by group which is not "root")
> Set "su" directive in config file to tell logrotate which user/group should
> be used for rotation.
This is correct and secure behaviour. It prevents a possible symlink
attack by a hostile. The /var/log directory should not have either
0777 or 01777 permissions.
I suggest you mount your /var/log tmpfs with the mode=0755 option.
--
Paul Martin <[email protected]>
--- End Message ---