Bug#739740: logrotate: Erroneous error messages when /var/log is tmpfs
On Sat, Feb 22, 2014 at 08:35:51AM +0100, Reiner Buehl wrote:
> error: skipping /var/log/cron.log because parent directory has insecure permissions (It's world writable or writable by group which is not root) Set su directive in config file to tell logrotate which user/group should be used for rotation.

This is correct and secure behaviour. It prevents a possible symlink attack by a hostile.

The /var/log directory should not have either 0777 or 01777 permissions.

I suggest you mount your /var/log tmpfs with the mode=0755 option.

--
Paul Martin p...@debian.org
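The check described in the reply above, as an added example that is not part of the original thread and not logrotate's own code: it applies the condition quoted in the error message to a directory's mode and group, and to the mode a tmpfs fstab entry would give /var/log. The fstab lines are constructed samples, the function names are hypothetical, and it assumes the kernel's 01777 default for a tmpfs mounted without mode= and a mount performed by root.

```python
import os
import stat

# Kernel default for the root of a tmpfs mounted without a mode= option.
TMPFS_DEFAULT_MODE = 0o1777

# Constructed sample fstab entries (not taken from the reporter's system).
SAMPLE_FSTAB = [
    "tmpfs /var/log tmpfs defaults,noatime,size=16m 0 0",
    "tmpfs /var/log tmpfs defaults,noatime,mode=0755,size=16m 0 0",
]


def insecure_parent(mode, gid):
    """Condition from the error text: world writable, or writable by a non-root group."""
    world_writable = bool(mode & stat.S_IWOTH)
    group_writable = bool(mode & stat.S_IWGRP) and gid != 0
    return world_writable or group_writable


def check_log_parent(logfile):
    """Stat the parent directory of logfile; return (parent, mode, gid, insecure)."""
    parent = os.path.dirname(os.path.abspath(logfile))
    st = os.stat(parent)
    mode = stat.S_IMODE(st.st_mode)
    return parent, mode, st.st_gid, insecure_parent(mode, st.st_gid)


def tmpfs_mount_mode(fstab_line, mountpoint="/var/log"):
    """Return (mode, gid) a tmpfs fstab entry gives the mountpoint, else None."""
    fields = fstab_line.split("#", 1)[0].split()
    if len(fields) < 4 or fields[1] != mountpoint or fields[2] != "tmpfs":
        return None
    mode, gid = TMPFS_DEFAULT_MODE, 0  # assumption: mounted by root, so gid 0
    for opt in fields[3].split(","):
        key, _, val = opt.partition("=")
        if key == "mode":
            mode = int(val, 8)
        elif key == "gid" and val.isdigit():
            gid = int(val)
    return mode, gid


if __name__ == "__main__":
    for line in SAMPLE_FSTAB:
        mode, gid = tmpfs_mount_mode(line)
        print(f"{line!r}: mode={mode:04o} insecure={insecure_parent(mode, gid)}")
    parent, mode, gid, bad = check_log_parent("/var/log/cron.log")
    print(f"{parent}: mode={mode:04o} gid={gid} insecure={bad}")
```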
Bug#739740: logrotate: Erroneous error messages when /var/log is tmpfs
According to ls it is mounted 755, that is what was confusing me:

    reiner@weather:/var$ ls -ld /var/log
    drwxr-xr-x 13 root root 4096 Feb 22 06:25 /var/log

That's why I think the error message is wrong. Am I missing something?

On 22.02.2014 13:09, Paul Martin wrote:
> On Sat, Feb 22, 2014 at 08:35:51AM +0100, Reiner Buehl wrote:
>> error: skipping /var/log/cron.log because parent directory has insecure permissions (It's world writable or writable by group which is not root) Set su directive in config file to tell logrotate which user/group should be used for rotation.
>
> This is correct and secure behaviour. It prevents a possible symlink attack by a hostile.
>
> The /var/log directory should not have either 0777 or 01777 permissions.
>
> I suggest you mount your /var/log tmpfs with the mode=0755 option.
Bug#739740: logrotate: Erroneous error messages when /var/log is tmpfs
Package: logrotate
Version: 3.8.1-4
Severity: important

Dear Maintainer,

when running logrotate on a system that uses tmpfs for /var/log, logrotate creates erroneous error messages of the following form:

error: skipping /var/log/cron.log because parent directory has insecure permissions (It's world writable or writable by group which is not root) Set su directive in config file to tell logrotate which user/group should be used for rotation.

The access rights of /var/log are 755 and it is owned by root:root. The error disappears when I comment out the tmpfs line for /var/log in /etc/fstab.

Best regards,
Reiner Buehl

-- Package-specific info:
Contents of /etc/logrotate.d
total 36
-rw-r--r-- 1 root root 173 Dec 24 2012 apt
-rw-r--r-- 1 root root 79 Nov 17 2012 aptitude
-rw-r--r-- 1 root root 135 Aug 11 2012 consolekit
-rw-r--r-- 1 root root 248 Oct 13 07:35 cups
-rw-r--r-- 1 root root 232 Oct 31 2012 dpkg
-rw-r--r-- 1 root root 419 Mar 18 2013 lighttpd
-rw-r--r-- 1 root root 67 Jul 9 2011 rsnapshot
-rw-r--r-- 1 root root 515 Oct 9 2012 rsyslog
-rw-r--r-- 1 root root 115 Jan 21 2013 unattended-upgrades

-- System Information:
Debian Release: 7.2
Architecture: armhf (armv6l)
Kernel: Linux 3.10.30+ (PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages logrotate depends on:
ii base-passwd 3.5.26
ii cron [cron-daemon] 3.0pl1-124
ii libc6 2.13-38+rpi2
ii libpopt0 1.16-7
ii libselinux1 2.1.9-5

Versions of packages logrotate recommends:
ii bsd-mailx [mailx] 8.1.2-0.2006cvs-1

logrotate suggests no packages.

-- no debconf information