[Pkg-linaro-lava-devel] Bug#925353: Bug#925353: lava-server: logrotate complains about "parent directory has insecure permissions"

Andreas Beckmann anbe at debian.org
Wed Mar 27 00:30:22 GMT 2019 

On 2019-03-26 16:56, Steve McIntyre wrote:
> That sounds like a weird way to fix what's claimed to be a permissions
> problem in the log. Or is this just a bad error message from logrotate?
> 
> And checking - the logrotate file in question already has 'missingok'
> spceified.

That is the first time I encountered this strange error. The missing 
'missingok' was just the most popular (i.e. only) cause for logrotate 
failures so far.

>> 6m50.2s ERROR: Command failed (status=1): ['chroot', '/srv/piuparts/tmp/tmpML5ulV', '/usr/sbin/logrotate', '/etc/logrotate.d/lava-server-uwsgi-log']
>>  error: skipping "/var/log/lava-server/lava-uwsgi.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
> 
> I appreciate that you won't have this session around now to be able to
> look directly, but for future reports it would be very helpful if
> piuparts could show the logfiles and directories look like at this point.

I can quite easily rerun failing tests and get a shell in the chroot to 
collect additional information ...

This is after the failure in a jessie -> stretch -> buster upgrade:

# ls -la /var/log/lava-server/
total 0
drwxrwsr-x 2 lavaserver adm   80 Mar 26 17:41 .
drwxr-xr-x 8 root       root 320 Mar 26 17:47 ..
-rw-rw-r-- 1 lavaserver adm    0 Mar 26 17:46 django.log
-rw-r--r-- 1 root       adm    0 Mar 26 17:43 lava-scheduler.log

OK, that looks like bad permission, lets look where they come from:
I added some scripts that do 'ls -la /var/log/lava-server/' before
and after each distupgrade, full log attached.
The problem happens during the upgrade to buster:

27m28.9s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'tmp/scripts/pre_distupgrade_zzz_debug-lava-server']
27m28.9s DUMP: 
  + ls -la /var/log/lava-server
  total 0
  drwsr-sr-x 2 root       root  80 Mar 26 23:02 .
  drwxr-xr-x 9 root       root 340 Mar 26 23:07 ..
  -rw-r--r-- 1 lavaserver adm    0 Mar 26 23:09 django.log
  -rw-r--r-- 1 root       adm    0 Mar 26 23:07 lava-scheduler.log
27m28.9s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'tmp/scripts/pre_distupgrade_zzz_debug-lava-server']
27m28.9s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'apt-get', 'update']
27m37.0s DUMP: 
  Hit:1 http://ftp.de.debian.org/debian buster InRelease
  Reading package lists...
27m37.0s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'apt-get', 'update']
27m37.0s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'apt-get', '-yf', 'dist-upgrade']
[...]
44m48.3s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'tmp/scripts/post_distupgrade_000_debug-lava-server']
44m48.3s DUMP: 
  + ls -la /var/log/lava-server
  total 0
  drwxrwsr-x 2 lavaserver adm   80 Mar 26 23:02 .
  drwxr-xr-x 9 root       root 340 Mar 26 23:07 ..
  -rw-rw-r-- 1 lavaserver adm    0 Mar 26 23:26 django.log
  -rw-r--r-- 1 root       adm    0 Mar 26 23:07 lava-scheduler.log
44m48.3s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'tmp/scripts/post_distupgrade_000_debug-lava-server']


and now doing the same with starting in stretch (not jessie) and upgrading to buster

24m14.0s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'tmp/scripts/pre_distupgrade_zzz_debug-lava-server']
24m14.1s DUMP:
  + ls -la /var/log/lava-server
  total 0
  drwsr-sr-x 2 root       root  80 Mar 26 23:49 .
  drwxr-xr-x 8 root       root 300 Mar 26 23:46 ..
  -rw-r--r-- 1 lavaserver adm    0 Mar 26 23:59 django.log
  -rw-r--r-- 1 root       adm    0 Mar 26 23:49 lava-scheduler.log
24m14.1s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'tmp/scripts/pre_distupgrade_zzz_debug-lava-server']
24m14.1s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'apt-get', 'update']
24m35.1s DUMP:
  Hit:1 http://ftp.de.debian.org/debian buster InRelease
  Reading package lists...
24m35.1s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'apt-get', 'update']
24m35.1s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'apt-get', '-yf', 'dist-upgrade']
[...]
33m44.0s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'tmp/scripts/post_distupgrade_000_debug-lava-server']
33m44.0s DUMP: 
  + ls -la /var/log/lava-server
  total 0
  drwxrwsr-x 2 lavaserver adm   80 Mar 26 23:49 .
  drwxr-xr-x 8 root       root 300 Mar 26 23:46 ..
  -rw-rw-r-- 1 lavaserver adm    0 Mar 27 00:15 django.log
  -rw-r--r-- 1 root       adm    0 Mar 26 23:49 lava-scheduler.log
33m44.0s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'tmp/scripts/post_distupgrade_000_debug-lava-server']


So what, the permissions are the same, but in the stretch->buster case
it does not explode????

I hope the logs help you analyzing this weirdness.


Andreas

More information about the Pkg-linaro-lava-devel mailing list