[Pkg-linaro-lava-devel] Bug#925353: Bug#925353: lava-server: logrotate complains about "parent directory has insecure permissions"
Andreas Beckmann
anbe at debian.org
Wed Mar 27 00:30:22 GMT 2019
On 2019-03-26 16:56, Steve McIntyre wrote:
> That sounds like a weird way to fix what's claimed to be a permissions
> problem in the log. Or is this just a bad error message from logrotate?
>
> And checking - the logrotate file in question already has 'missingok'
> spceified.
That is the first time I encountered this strange error. The missing
'missingok' was just the most popular (i.e. only) cause for logrotate
failures so far.
>> 6m50.2s ERROR: Command failed (status=1): ['chroot', '/srv/piuparts/tmp/tmpML5ulV', '/usr/sbin/logrotate', '/etc/logrotate.d/lava-server-uwsgi-log']
>> error: skipping "/var/log/lava-server/lava-uwsgi.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
>
> I appreciate that you won't have this session around now to be able to
> look directly, but for future reports it would be very helpful if
> piuparts could show the logfiles and directories look like at this point.
I can quite easily rerun failing tests and get a shell in the chroot to
collect additional information ...
This is after the failure in a jessie -> stretch -> buster upgrade:
# ls -la /var/log/lava-server/
total 0
drwxrwsr-x 2 lavaserver adm 80 Mar 26 17:41 .
drwxr-xr-x 8 root root 320 Mar 26 17:47 ..
-rw-rw-r-- 1 lavaserver adm 0 Mar 26 17:46 django.log
-rw-r--r-- 1 root adm 0 Mar 26 17:43 lava-scheduler.log
OK, that looks like bad permission, lets look where they come from:
I added some scripts that do 'ls -la /var/log/lava-server/' before
and after each distupgrade, full log attached.
The problem happens during the upgrade to buster:
27m28.9s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'tmp/scripts/pre_distupgrade_zzz_debug-lava-server']
27m28.9s DUMP:
+ ls -la /var/log/lava-server
total 0
drwsr-sr-x 2 root root 80 Mar 26 23:02 .
drwxr-xr-x 9 root root 340 Mar 26 23:07 ..
-rw-r--r-- 1 lavaserver adm 0 Mar 26 23:09 django.log
-rw-r--r-- 1 root adm 0 Mar 26 23:07 lava-scheduler.log
27m28.9s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'tmp/scripts/pre_distupgrade_zzz_debug-lava-server']
27m28.9s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'apt-get', 'update']
27m37.0s DUMP:
Hit:1 http://ftp.de.debian.org/debian buster InRelease
Reading package lists...
27m37.0s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'apt-get', 'update']
27m37.0s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'apt-get', '-yf', 'dist-upgrade']
[...]
44m48.3s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'tmp/scripts/post_distupgrade_000_debug-lava-server']
44m48.3s DUMP:
+ ls -la /var/log/lava-server
total 0
drwxrwsr-x 2 lavaserver adm 80 Mar 26 23:02 .
drwxr-xr-x 9 root root 340 Mar 26 23:07 ..
-rw-rw-r-- 1 lavaserver adm 0 Mar 26 23:26 django.log
-rw-r--r-- 1 root adm 0 Mar 26 23:07 lava-scheduler.log
44m48.3s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'tmp/scripts/post_distupgrade_000_debug-lava-server']
and now doing the same with starting in stretch (not jessie) and upgrading to buster
24m14.0s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'tmp/scripts/pre_distupgrade_zzz_debug-lava-server']
24m14.1s DUMP:
+ ls -la /var/log/lava-server
total 0
drwsr-sr-x 2 root root 80 Mar 26 23:49 .
drwxr-xr-x 8 root root 300 Mar 26 23:46 ..
-rw-r--r-- 1 lavaserver adm 0 Mar 26 23:59 django.log
-rw-r--r-- 1 root adm 0 Mar 26 23:49 lava-scheduler.log
24m14.1s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'tmp/scripts/pre_distupgrade_zzz_debug-lava-server']
24m14.1s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'apt-get', 'update']
24m35.1s DUMP:
Hit:1 http://ftp.de.debian.org/debian buster InRelease
Reading package lists...
24m35.1s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'apt-get', 'update']
24m35.1s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'apt-get', '-yf', 'dist-upgrade']
[...]
33m44.0s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'tmp/scripts/post_distupgrade_000_debug-lava-server']
33m44.0s DUMP:
+ ls -la /var/log/lava-server
total 0
drwxrwsr-x 2 lavaserver adm 80 Mar 26 23:49 .
drwxr-xr-x 8 root root 300 Mar 26 23:46 ..
-rw-rw-r-- 1 lavaserver adm 0 Mar 27 00:15 django.log
-rw-r--r-- 1 root adm 0 Mar 26 23:49 lava-scheduler.log
33m44.0s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'tmp/scripts/post_distupgrade_000_debug-lava-server']
So what, the permissions are the same, but in the stretch->buster case
it does not explode????
I hope the logs help you analyzing this weirdness.
Andreas
More information about the Pkg-linaro-lava-devel
mailing list