[Pkg-linaro-lava-devel] Bug#925353: Bug#925353: lava-server: logrotate complains about "parent directory has insecure permissions"

Steve McIntyre steve.mcintyre at linaro.org
Thu Mar 28 16:31:26 GMT 2019 

On Wed, Mar 27, 2019 at 01:30:22AM +0100, Andreas Beckmann wrote:
>On 2019-03-26 16:56, Steve McIntyre wrote:
>> That sounds like a weird way to fix what's claimed to be a permissions
>> problem in the log. Or is this just a bad error message from logrotate?
>> 
>> And checking - the logrotate file in question already has 'missingok'
>> spceified.
>
>That is the first time I encountered this strange error. The missing 
>'missingok' was just the most popular (i.e. only) cause for logrotate 
>failures so far.

ACK...

>>> 6m50.2s ERROR: Command failed (status=1): ['chroot', '/srv/piuparts/tmp/tmpML5ulV', '/usr/sbin/logrotate', '/etc/logrotate.d/lava-server-uwsgi-log']
>>>  error: skipping "/var/log/lava-server/lava-uwsgi.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
>> 
>> I appreciate that you won't have this session around now to be able to
>> look directly, but for future reports it would be very helpful if
>> piuparts could show the logfiles and directories look like at this point.
>
>I can quite easily rerun failing tests and get a shell in the chroot to 
>collect additional information ...
>
>This is after the failure in a jessie -> stretch -> buster upgrade:
>
># ls -la /var/log/lava-server/
>total 0
>drwxrwsr-x 2 lavaserver adm   80 Mar 26 17:41 .
>drwxr-xr-x 8 root       root 320 Mar 26 17:47 ..
>-rw-rw-r-- 1 lavaserver adm    0 Mar 26 17:46 django.log
>-rw-r--r-- 1 root       adm    0 Mar 26 17:43 lava-scheduler.log
>
>OK, that looks like bad permission, lets look where they come from:
>I added some scripts that do 'ls -la /var/log/lava-server/' before
>and after each distupgrade, full log attached.
>The problem happens during the upgrade to buster:
>
>27m28.9s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'tmp/scripts/pre_distupgrade_zzz_debug-lava-server']
>27m28.9s DUMP: 
>  + ls -la /var/log/lava-server
>  total 0
>  drwsr-sr-x 2 root       root  80 Mar 26 23:02 .
>  drwxr-xr-x 9 root       root 340 Mar 26 23:07 ..
>  -rw-r--r-- 1 lavaserver adm    0 Mar 26 23:09 django.log
>  -rw-r--r-- 1 root       adm    0 Mar 26 23:07 lava-scheduler.log
>27m28.9s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'tmp/scripts/pre_distupgrade_zzz_debug-lava-server']
>27m28.9s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'apt-get', 'update']
>27m37.0s DUMP: 
>  Hit:1 http://ftp.de.debian.org/debian buster InRelease
>  Reading package lists...
>27m37.0s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'apt-get', 'update']
>27m37.0s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'apt-get', '-yf', 'dist-upgrade']
>[...]
>44m48.3s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'tmp/scripts/post_distupgrade_000_debug-lava-server']
>44m48.3s DUMP: 
>  + ls -la /var/log/lava-server
>  total 0
>  drwxrwsr-x 2 lavaserver adm   80 Mar 26 23:02 .
>  drwxr-xr-x 9 root       root 340 Mar 26 23:07 ..
>  -rw-rw-r-- 1 lavaserver adm    0 Mar 26 23:26 django.log
>  -rw-r--r-- 1 root       adm    0 Mar 26 23:07 lava-scheduler.log
>44m48.3s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpgfr9HI', 'tmp/scripts/post_distupgrade_000_debug-lava-server']
>
>
>and now doing the same with starting in stretch (not jessie) and upgrading to buster
>
>24m14.0s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'tmp/scripts/pre_distupgrade_zzz_debug-lava-server']
>24m14.1s DUMP:
>  + ls -la /var/log/lava-server
>  total 0
>  drwsr-sr-x 2 root       root  80 Mar 26 23:49 .
>  drwxr-xr-x 8 root       root 300 Mar 26 23:46 ..
>  -rw-r--r-- 1 lavaserver adm    0 Mar 26 23:59 django.log
>  -rw-r--r-- 1 root       adm    0 Mar 26 23:49 lava-scheduler.log
>24m14.1s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'tmp/scripts/pre_distupgrade_zzz_debug-lava-server']
>24m14.1s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'apt-get', 'update']
>24m35.1s DUMP:
>  Hit:1 http://ftp.de.debian.org/debian buster InRelease
>  Reading package lists...
>24m35.1s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'apt-get', 'update']
>24m35.1s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'apt-get', '-yf', 'dist-upgrade']
>[...]
>33m44.0s DEBUG: Starting command: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'tmp/scripts/post_distupgrade_000_debug-lava-server']
>33m44.0s DUMP: 
>  + ls -la /var/log/lava-server
>  total 0
>  drwxrwsr-x 2 lavaserver adm   80 Mar 26 23:49 .
>  drwxr-xr-x 8 root       root 300 Mar 26 23:46 ..
>  -rw-rw-r-- 1 lavaserver adm    0 Mar 27 00:15 django.log
>  -rw-r--r-- 1 root       adm    0 Mar 26 23:49 lava-scheduler.log
>33m44.0s DEBUG: Command ok: ['chroot', '/srv/piuparts/tmp/tmpS7TOc2', 'tmp/scripts/post_distupgrade_000_debug-lava-server']
>
>So what, the permissions are the same, but in the stretch->buster case
>it does not explode????
>
>I hope the logs help you analyzing this weirdness.

Thanks, I think! :-)

I'm a little bit at a loss to see what's causing it... :-/

Cheers,
-- 
Steve McIntyre                                steve.mcintyre at linaro.org
<http://www.linaro.org/> Linaro.org | Open source software for ARM SoCs

More information about the Pkg-linaro-lava-devel mailing list