Bug#982961: tomcat9: cron.daily/tomcat9 compress /var/log/tomcat9 *subfolders* breaking some deployed apps

[Ludovic Pouzenc]

Package: tomcat9
Version: 9.0.31-1~deb10u3
Severity: normal

Dear Maintainer,

I have deployed some tomcat apps. The have thier own logging facilities
outputing plain files. I thing tomcat9 packages invite me to put them
under a subfolder of /Var/log/tomcat9. If I do that, cron.daily/tomcat9
gzip them, even if they live, even if they are not rotated, and it
fail every day starting on installation day + 1 (at 2nd cron exec).

Similar but different from #925926 as it concerns application logs and
not tomcat own logs.

tomcat9.service systemd unit restrict app writes heavily (great) :

lpouzenc at lud-hp1:~$ grep ^Read /lib/systemd/system/tomcat9.service
ReadWritePaths=/etc/tomcat9/Catalina/
ReadWritePaths=/var/lib/tomcat9/webapps/
ReadWritePaths=/var/log/tomcat9/

I didn't see any documentation mentionning that subfolders there are
handled by debian script... but it does :

lpouzenc at lud-hp1:~$ grep -A 1 '^\s*find' /etc/cron.daily/tomcat9 
			find /var/log/$NAME/ -name \*.$EXT -daystart -mtime +0 -print0 \
				| xargs --no-run-if-empty -0 gzip -9

(because there is no -maxdepth 1)

So this cron gzip some app's live logs, and mail sysadmin everynight
(except first one) with about .gz file that already exists in those
subfolders, assuming the deployed app have at least one log file that
have a stable filename without date of the day in it.

Maybe the cron should only handle tomcat own logs (catalina.out is
already excluded by $EXT). OR may be default unit should provide a
writable subfolders for the app logs to be deployed by users by default.

Thanks for all the packaging work already well done.

Regards,
Ludovic Pouzenc

-- System Information:
Debian Release: 10.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.9.0-0.bpo.5-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages tomcat9 depends on:
ii  lsb-base        10.2019051400
ii  systemd         241-7~deb10u6
ii  tomcat9-common  9.0.31-1~deb10u3
ii  ucf             3.0038+nmu1

Versions of packages tomcat9 recommends:
ii  libtcnative-1  1.2.21-1

Versions of packages tomcat9 suggests:
pn  tomcat9-admin     <none>
pn  tomcat9-docs      <none>
pn  tomcat9-examples  <none>
pn  tomcat9-user      <none>

-- Configuration Files:
/etc/tomcat9/policy.d/01system.policy [Errno 13] Permission non accordée: '/etc/tomcat9/policy.d/01system.policy'
/etc/tomcat9/policy.d/02debian.policy [Errno 13] Permission non accordée: '/etc/tomcat9/policy.d/02debian.policy'
/etc/tomcat9/policy.d/03catalina.policy [Errno 13] Permission non accordée: '/etc/tomcat9/policy.d/03catalina.policy'
/etc/tomcat9/policy.d/04webapps.policy [Errno 13] Permission non accordée: '/etc/tomcat9/policy.d/04webapps.policy'
/etc/tomcat9/policy.d/50local.policy [Errno 13] Permission non accordée: '/etc/tomcat9/policy.d/50local.policy'

-- no debconf information