Bug 1104856 - logrotate complains about wrong permission for squidGuard
logrotate complains about wrong permission for squidGuard
Status: NEW
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Other
Current
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Adam Majer
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-08-14 19:30 UTC by Giacomo Comes
Modified: 2019-07-10 09:28 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
martin.wilck: needinfo? (comes)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Giacomo Comes 2018-08-14 19:30:11 UTC
When I boot the machine I see this error message:
[FAILED] Failed to start Rotate log files.
See 'systemctl status logrotate.service' for details.

systemctl status logrotate output:
● logrotate.service - Rotate log files
   Loaded: loaded (/usr/lib/systemd/system/logrotate.service; static; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2018-08-14 15:21:36 AST; 1min 31s ago
     Docs: man:logrotate(8)
           man:logrotate.conf(5)
 Main PID: 8008 (code=exited, status=1/FAILURE)

Aug 14 15:21:35 vrt systemd[1]: Starting Rotate log files...
Aug 14 15:21:35 vrt logrotate[8008]: error: skipping "/var/log/squidGuard/squidGuard.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
Aug 14 15:21:36 vrt systemd[1]: logrotate.service: Main process exited, code=exited, status=1/FAILURE
Aug 14 15:21:36 vrt systemd[1]: logrotate.service: Failed with result 'exit-code'.
Aug 14 15:21:36 vrt systemd[1]: Failed to start Rotate log files.

The fix is to add the line:
  su squid squid
in /etc/logrotate.d/squidGuard (package squidGuard)
Comment 1 Andreas Stieger 2018-08-15 07:39:16 UTC
Nick had this problem in the (composite) bug 1104838.
Comment 2 Giacomo Comes 2019-04-20 15:08:38 UTC
I would like to remember that the issue with squidGuard and logrotate has not been fixed yet.
Comment 3 Martin Wilck 2019-07-08 12:41:37 UTC
It seems to be sufficient to run

  chmod g-w /var/log/squidGuard

Please confirm.
Comment 4 Martin Wilck 2019-07-10 09:28:53 UTC
Created sr#714402 for server:proxy/squidGuard, which fixes this problem. Test packages are available on home:mwilck:branches:server:proxy/squidGuard

The solution is not as in comment 3. Rather, I use the "su" directive in logrotate.conf. That's cleaner.