Bug#679897: marked as done (/var/lib/munin/plugin-state/ should be writable by munin group)

Thu, 30 Aug 2012 01:51:22 -0700 

Your message dated Thu, 30 Aug 2012 08:48:19 +0000
with message-id <[email protected]>
and subject line Bug#679897: fixed in munin 2.0.6~git-1
has caused the Debian Bug report #679897,
regarding /var/lib/munin/plugin-state/ should be writable by munin group
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
679897: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679897
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: munin
Version: 2.0.0-1~bpo60+1
Severity: normal

/var/lib/munin/plugin-state/ is not writable by its group, munin.
This at least makes the exim_mailstats plugin fail with the following message 
(when run from munin-run):
exim_mailstats: Could not open statefile 
'/var/lib/munin/plugin-state/exim_mailstats-' for writing: Permission denied

Other plugins are affected as well.
This could be easily fixed.

-- System Information:
Debian Release: 6.0.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-0.bpo.2-686-pae (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages munin depends on:
ii  adduser                3.112+nmu2        add and remove users and groups
ii  cron                   3.0pl1-116        process scheduling daemon
ii  libcgi-fast-perl       5.10.1-17squeeze3 CGI::Fast Perl module
ii  libdate-manip-perl     6.11-1            module for manipulating dates
pn  libdigest-md5-perl     <none>            (no description available)
ii  libfile-copy-recursive 0.38-1            Perl extension for recursively cop
ii  libhtml-template-perl  2.9-2             module for using HTML Templates wi
ii  libio-socket-inet6-per 2.65-1.1          Object interface for AF_INET6 doma
ii  liblog-log4perl-perl   1.29-1            A Perl port of the widely popular 
ii  libparse-recdescent-pe 1.965001+dfsg-1   Perl module to create and use recu
ii  librrds-perl           1.4.3-1           time-series data storage and displ
pn  libstorable-perl       <none>            (no description available)
ii  liburi-perl            1.54-2            module to manipulate and access UR
ii  munin-common           2.0.0-1~bpo60+1   network-wide graphing framework (c
ii  perl [libtime-hires-pe 5.10.1-17squeeze3 Larry Wall's Practical Extraction 
ii  perl-modules           5.10.1-17squeeze3 Core Perl modules
ii  rrdtool                1.4.3-1           time-series data storage and displ
pi  ttf-dejavu             2.31-1            Metapackage to pull in ttf-dejavu-

Versions of packages munin recommends:
ii  munin-doc                2.0.0-1~bpo60+1 network-wide graphing framework (d
ii  munin-node               2.0.0-1~bpo60+1 network-wide graphing framework (n

Versions of packages munin suggests:
ii  apache2-mpm-prefork [h 2.2.16-6+squeeze7 Apache HTTP Server - traditional n
ii  libnet-ssleay-perl     1.36-1            Perl module for Secure Sockets Lay
ii  lynx-cur [www-browser] 2.8.8dev.5-1      Text-mode WWW Browser with NLS sup
ii  nginx-full [httpd]     1.2.1-1~dotdeb.0  nginx web server with full set of 
ii  w3m [www-browser]      0.5.2-9           WWW browsable pager with excellent

-- Configuration Files:
/etc/init.d/munin changed:
case "$1" in
  start|restart|force-reload)
        # Create various dirs
        [ -d /var/run/munin ] || mkdir -p /var/run/munin && chown munin 
/var/run/munin
        exit $?
        ;;
  stop)
        # Nothing to do
        exit $?
        ;;
  *)
        echo "Usage: /etc/init.d/munin" \
                        "{start|stop}"
        exit 2
        ;;
esac

/etc/logrotate.d/munin changed:
/var/log/munin/munin-update.log {
        daily
        missingok
        rotate 7
        compress
        notifempty
        create 640 munin adm
}
/var/log/munin/munin-graph.log {
        daily
        missingok
        rotate 7
        compress
        notifempty
        create 640 munin adm
}
/var/log/munin/munin-html.log {
        daily
        missingok
        rotate 7
        compress
        notifempty
        create 640 munin adm
}
/var/log/munin/munin-limits.log {
        daily
        missingok
        rotate 7
        compress
        notifempty
        create 640 munin adm
}
/var/log/munin/munin-cgi-graph.log {
        daily
        missingok
        rotate 7
        compress
        notifempty
        #create 640 www-data adm
        # see http://munin-monitoring.org/ticket/1152
        copytruncate
}
/var/log/munin/munin-cgi-html.log {
        daily
        missingok
        rotate 7
        compress
        notifempty
        #create 640 www-data adm
        # see http://munin-monitoring.org/ticket/1152
        copytruncate
}

/etc/munin/apache.conf changed:
Alias /munin /var/cache/munin/www
Alias /munin-cgi/static /var/cache/munin/www/static
ScriptAlias /munin-cgi /usr/lib/cgi-bin/munin-cgi-html
<Directory /var/cache/munin/www>
        Order allow,deny
        #Allow from localhost 127.0.0.0/8 ::1
        Allow from all
        Options None
        # This file can be used as a .htaccess file, or a part of your apache
        # config file.
        #
        # For the .htaccess file option to work the munin www directory
        # (/var/cache/munin/www) must have "AllowOverride all" or something 
        # close to that set.
        #
        # AuthUserFile /etc/munin/munin-htpasswd
        # AuthName "Munin"
        # AuthType Basic
        # require valid-user
        # This next part requires mod_expires to be enabled.
        #
        
        # Set the default expiration time for files to 5 minutes 10 seconds from
        # their creation (modification) time.  There are probably new files by
        # that time. 
        #
    <IfModule mod_expires.c>
        ExpiresActive On
        ExpiresDefault M310
    </IfModule>
</Directory> 
<Location /munin-cgi>
    <IfModule mod_fastcgi.c>
        SetHandler fastcgi-script
    </IfModule>
</Location>
<Location /munin-cgi/static>
        SetHandler None
</Location>
<Location /cgi-bin/munin-cgi-graph>
        <IfModule mod_fastcgi.c>
                SetHandler fastcgi-script
        </IfModule>
</Location>
<Location /cgi-bin/munin-cgi-html>
        <IfModule mod_fastcgi.c>
                SetHandler fastcgi-script
        </IfModule>
</Location>

/etc/munin/munin.conf changed:
cgitmpdir /var/lib/munin/cgi-tmp
includedir /etc/munin/munin-conf.d
graph_strategy cgi
cgiurl_graph /cgi-bin/munin-cgi-graph
html_strategy cgi
rrdcached_socket /var/run/rrdcached.sock
contact.someuser.command mail -s "Munin notification" [email protected]


-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: munin
Source-Version: 2.0.6~git-1

We believe that the bug you reported is fixed in the latest version of
munin, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Holger Levsen <[email protected]> (supplier of updated munin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 30 Aug 2012 08:26:09 +0000
Source: munin
Binary: munin-node munin-plugins-core munin-plugins-extra munin-plugins-java 
munin munin-common munin-async munin-doc
Architecture: source all
Version: 2.0.6~git-1
Distribution: experimental
Urgency: low
Maintainer: Munin Debian Maintainers <[email protected]>
Changed-By: Holger Levsen <[email protected]>
Description: 
 munin      - network-wide graphing framework (grapher/gatherer)
 munin-async - network-wide graphing framework (async master/client)
 munin-common - network-wide graphing framework (common)
 munin-doc  - network-wide graphing framework (documentation)
 munin-node - network-wide graphing framework (node)
 munin-plugins-core - network-wide graphing framework (plugins for node)
 munin-plugins-extra - network-wide graphing framework (user contributed 
plugins for nod
 munin-plugins-java - network-wide graphing framework (java plugins for node)
Closes: 679897 684075 684076 685343 686089 686090 686093
Changes: 
 munin (2.0.6~git-1) experimental; urgency=low
 .
   * 2.0.6 is actually unreleased still, this is based on the current git
     commit 6183662. The following fixes are included:
     - munin-node: more secure state file handling, introducing a new plugin
       state directory root, owned by uid 0. Then each plugin runs in its own
       UID plugin state directory, owned by the said UID. (Closes: #684075),
       (Closes: #679897), closes CVE-2012-3512.
     - munin-cgi-graph: ignore @ARGV to fix CVE-2012-3513 (Closes: #684076),
       thanks to Helmut Grohne <[email protected]>
     - munin-cron: call munin-graph with --cron argument (Closes: #685343)
     - Master/Node.pm: fix _node_read_fast() to accept all valid returns
       (Closes: #686089) and _do_connect() to not use an uninitialized
       variable. (Closes: #686090)
     - munin-async: make spoolread less restrictive about (valid) plugin names
       (Closes: #686093)
   * Update Location and Scriptalias in shipped apache.conf to reflect changes
     introduced upstream in 64dfec73 coming in 2.0.6. This fixes a regression
     introduced in fixing #682869.
Checksums-Sha1: 
 87f92bd652589be479511fd928f17ca9e62172ef 2129 munin_2.0.6~git-1.dsc
 e28fb8500f1363a905f2be164c3f0ec4780aca5c 1422644 munin_2.0.6~git-1.tar.gz
 495b3c699c5db9706db03d9d2eeab149a3d8c113 126252 munin-node_2.0.6~git-1_all.deb
 76a3d3fcd400f5221ba5d7424c30e0b5339b9b43 302894 
munin-plugins-core_2.0.6~git-1_all.deb
 dc01c511e671c0a677dfc6cf7fec360077934e6f 152910 
munin-plugins-extra_2.0.6~git-1_all.deb
 71b1c478d9a7abd4d901d954ab52f6d84479559a 145808 
munin-plugins-java_2.0.6~git-1_all.deb
 6d24d5033c9387d8e8f3910373646b74c74cbf13 200446 munin_2.0.6~git-1_all.deb
 5954e9803442dbd4fe7f24adbd0b1bc9fc6a7c1b 93692 munin-common_2.0.6~git-1_all.deb
 acf0ac69dd6e51a091bb55699f1ba7ccd32e5efb 81604 munin-async_2.0.6~git-1_all.deb
 1fe472bce2797dd2929955e7101a70f0e5283e2a 210798 munin-doc_2.0.6~git-1_all.deb
Checksums-Sha256: 
 e788a52a42e577702b03df2a76b902ecfb75d7d554bab56ab218a96857ceb1d4 2129 
munin_2.0.6~git-1.dsc
 2fba10446f70b872d7fd0c2aef3e6d7fd6d19363a98228d8079d16be1c431943 1422644 
munin_2.0.6~git-1.tar.gz
 c5e3df113333b5fb286c943ef1e252f9caa981c83c5ac47d24a77e6fdb3cb058 126252 
munin-node_2.0.6~git-1_all.deb
 8adfd149197072b108d26ea402393cc40b203c652bee10b3e67c56da9a75744e 302894 
munin-plugins-core_2.0.6~git-1_all.deb
 343093da2cdca0dfe21d32c8ea2b4f14e9c1b6e202fea45b10f68bea4f85690f 152910 
munin-plugins-extra_2.0.6~git-1_all.deb
 50d926265834e95a642617a575d8fc29c6bec0ca4e97b914da26135526cd3ee0 145808 
munin-plugins-java_2.0.6~git-1_all.deb
 7b8fa95370adb1eaff00091d99a3543ab6b62850f7d09e873b8a375c4fc81d52 200446 
munin_2.0.6~git-1_all.deb
 e8e501fc937dbd964b2e8092385e15b4edf99dd26307e28e79b245c092d714f6 93692 
munin-common_2.0.6~git-1_all.deb
 3fb62447d4df6d00b89de1be7acac538bcd1dafddcef92217e97aacfa9dbe094 81604 
munin-async_2.0.6~git-1_all.deb
 f7d126effa2b2924a5964fa09b427d3dad62195c2e15c3a7254ccb767e91ad33 210798 
munin-doc_2.0.6~git-1_all.deb
Files: 
 cb7b1f41569d38be6104d578543c637a 2129 net optional munin_2.0.6~git-1.dsc
 61aa2c32d0a415d7e14d424cf771bbb1 1422644 net optional munin_2.0.6~git-1.tar.gz
 55c3fa84967745332b796b21249fa85a 126252 net optional 
munin-node_2.0.6~git-1_all.deb
 3b271a0f6b4746bbe1e0fc5eea4ca72f 302894 net optional 
munin-plugins-core_2.0.6~git-1_all.deb
 d39bfbb398a5c30e1ce985ca87e703d3 152910 net optional 
munin-plugins-extra_2.0.6~git-1_all.deb
 26fe11792149f134c3cf34988c528006 145808 net optional 
munin-plugins-java_2.0.6~git-1_all.deb
 349a40dc4c3bbdcd0640fca8e2936ac9 200446 net optional munin_2.0.6~git-1_all.deb
 a86b0f6d30e1a94610fca9ef491e49fe 93692 net optional 
munin-common_2.0.6~git-1_all.deb
 c0a03eb040ff1a0e098b9287f0ea4230 81604 net optional 
munin-async_2.0.6~git-1_all.deb
 3076757e3fe6a060197ee96b55473490 210798 doc optional 
munin-doc_2.0.6~git-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIVAwUBUD8lvgkauFYGmqocAQgfxQ//egaDsjnxdDGxqTJ7gp552WnGGP9Ws9Lr
Bnirdgknb+zeIpVkLBe1bSgiFToKIAl/xaIMe9gzk8tiksSnpr634f79t5mmoqLb
P8ljp5H3fp+fNDjtrbGVv2QzUXn/B+NE8edgqR20LU7XXwoGvG/JVK4nFvElNCmh
NZBy/2Xge1W7PbT3mCqZj1mYMhJhXt/yUjA7vFrJyGfwM36Xry4MRqhYj+wFEeXN
iiT3dxJ77hupp7Lch1Iq2UylGU6mb9GgOSnXEqfQBhnaFDH/79Yfv6Yd1JBGgHlc
JgkrrzhoxwtI07W0QVyK4epUkl6SCQfVBQXnXd8lhyLZH4xOctQbiTYHg7Xb4ea2
Fik+37ePyB2epOxTrFNPEv2PcyinnutCNY3DITZk+eqBlS8/e9cYfigLmUkwCo9J
FrePyPAofQj4+k3EtesLN4/Ss0GrOqEJ+UUOSsj1ini7fHDjZ6FPo5Pr2FG7oSQI
SJNVWiczYIC6AKH9XqfFznuTmEHcI5MZKjfUeRbbaXzuEgdJHlNpqQ6aiVcfVZOK
I8YW5P4hontOTRFCgkZK2F3GYj4OD8SlPCOM39zNwoeCBGsbdW8N3VuQ8x8xahN2
V19KUC7JUTLPNr5HglQOHQoA7boUjEi6y+dJ3S3al92JppMxvBPnZpsClVNNc1Y7
t68o1Uwiu0Q=
=XPYG
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to