Bug#987179: tomcat9: catalina.out created with root owner, then logrotate fails to process it

Adam Cecile acecile at le-vert.net
Mon Apr 19 09:13:50 BST 2021 

Package: tomcat9
Version: 9.0.43-1
Severity: important

Hello,

I just deployed 9 servers using Debian 11 and I have a rather serious issue
with them.

root at debian11.server:~# ls -lah /var/log/tomcat9/catalina.out
-rw-r----- 1 root adm 2.8G Apr 19 10:05 /var/log/tomcat9/catalina.out

root at debian10.server:~# ls -lah /var/log/tomcat9/catalina.out
-rw-r----- 1 tomcat adm 1.3M Apr 19 10:05 /var/log/tomcat9/catalina.out

As you can see, owner is incorrect. That wouldn't not be such of an issue, if
the file could be processed correctly with logrotate, but that's not the case:

Apr 19 00:00:18 debian11.server[3689613]: error: error opening
/var/log/tomcat9/catalina.out: Permission denied
Apr 19 00:00:18 debian11.server systemd[1]: logrotate.service: Main process
exited, code=exited, status=1/FAILURE
Apr 19 00:00:18 debian11.server systemd[1]: logrotate.service: Failed with
result 'exit-code'.
Apr 19 00:00:18 debian11.server systemd[1]: logrotate.service: Consumed 11.480s
CPU time.

What's happening now is that the file is silently growing forever and lead to
one server crash during the weekend after running out of disk space.
I'm not sure it's an RC bug but it's definitely quite serious to me and should
be fixed before the release.

On both system, the file is created by an rsyslog rule at
/etc/rsyslog.d/tomcat9.conf which looks identical to me.
However, it seems the /var/log/tomcat9 folder has different directory
permission, which could be the reason why the file had been created with a
different owner:

root at debian11.server:~# ls -lahd /var/log/tomcat9
drwxrws--- 2 tomcat adm 4.0K Apr 19 06:25 /var/log/tomcat9

root at debian10.server:~# ls -lahd /var/log/tomcat9
drwxr-s--- 2 tomcat adm 32K Apr 19 06:25 /var/log/tomcat9

Or something changed withing rsyslog behavior, I'm not sure. Modifying rsyslog
file to explicitly set file owner could also be an option.

Best regards, Adam.



-- System Information:
Debian Release: 10.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-14-amd64 (SMP w/32 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages tomcat9 depends on:
ii  lsb-base        10.2019051400
ii  systemd         241-7~deb10u6
pn  tomcat9-common  <none>
ii  ucf             3.0038+nmu1

Versions of packages tomcat9 recommends:
pn  libtcnative-1  <none>

Versions of packages tomcat9 suggests:
pn  tomcat9-admin     <none>
pn  tomcat9-docs      <none>
pn  tomcat9-examples  <none>
pn  tomcat9-user      <none>

More information about the pkg-java-maintainers mailing list