Public bug reported:

This bug is easy to reproduce with the default configuration:

Install bird, 1.6.3-3 for example, and start the service with the default values. This will create and start the services to run as the 'bird' user and 'bird' group (BIRD_RUN_USER, BIRD_RUN_GROUP).

system(1) will show this working correctly, and relevant bird log entries will appear in /var/log/syslog as expected:

$ sudo service bird status
● bird.service - BIRD Internet Routing Daemon (IPv4)
   Loaded: loaded (/lib/systemd/system/bird.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2020-03-18 10:11:50 EDT; 14s ago
 Main PID: 23485 (bird)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/bird.service
           └─23485 /usr/sbin/bird -f -u bird -g bird

Mar 18 10:11:50 hades-nuc systemd[1]: Starting BIRD Internet Routing Daemon (IPv4)...
Mar 18 10:11:50 hades-nuc systemd[1]: Started BIRD Internet Routing Daemon (IPv4).
Mar 18 10:11:50 hades-nuc bird[23485]: Started

Update your /etc/bird/bird.conf and point the 'log' line to something like the following:

log "/var/log/bird.log" all;

Now restart the bird service:

$ sudo service bird status
● bird.service - BIRD Internet Routing Daemon (IPv4)
   Loaded: loaded (/lib/systemd/system/bird.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2020-03-18 10:20:44 EDT; 9s ago
  Process: 25376 ExecStart=/usr/sbin/bird -f -u $BIRD_RUN_USER -g $BIRD_RUN_GROUP $BIRD_ARGS $BIRD4_ARGS (code=exited, status=1/FAILURE)
  Process: 25375 ExecStartPre=/usr/sbin/bird -p (code=exited, status=0/SUCCESS)
  Process: 25369 ExecStartPre=/usr/lib/bird/prepare-environment (code=exited, status=0/SUCCESS)
 Main PID: 25376 (code=exited, status=1/FAILURE)

Mar 18 10:20:44 hades-nuc systemd[1]: Stopped BIRD Internet Routing Daemon (IPv4).
Mar 18 10:20:44 hades-nuc systemd[1]: Starting BIRD Internet Routing Daemon (IPv4)...
Mar 18 10:20:44 hades-nuc systemd[1]: Started BIRD Internet Routing Daemon (IPv4).
Mar 18 10:20:44 hades-nuc systemd[1]: bird.service: Main process exited, code=exited, status=1/FAILURE
Mar 18 10:20:44 hades-nuc bird[25376]: bird: /etc/bird/bird.conf, line 8: Unable to open log file `/var/log/bird.log': Permission denied
Mar 18 10:20:44 hades-nuc systemd[1]: bird.service: Failed with result 'exit-code'.

If you look at /var/log/bird.log, you'll see it is owned by 'root:root', not the expected 'bird:bird' as the original socket files (/var/run/bird.ctl, /var/run/bird6.ctl).

This appears to be related to the parsing of bird.conf before privs are dropped and files created.

This can be mitigated with a static workaround in /usr/lib/bird/prepare-environment, but that's a brittle hammer, and not really the right place for this:

diff -u prepare-environment.orig prepare-environment --- prepare-environment.orig 2020-03-17 15:53:47.122726551 +0000 +++ prepare-environment 2020-03-17 15:51:19.496622613 +0000 @@ -2,11 +2,13 @@ set -eu+BIRD_LOG_FILE=/var/log/bird.log BIRD_RUN_DIR=/run/bird . /etc/bird/envvars mkdir --parents "$BIRD_RUN_DIR"; +touch "$BIRD_LOG_FILE" if [ -n "$BIRD_RUN_USER" ]; then if ! getent passwd $BIRD_RUN_USER >/dev/null; then @@ -22,7 +24,6 @@ fi fi-chown --silent "$BIRD_RUN_USER:$BIRD_RUN_GROUP" "$BIRD_RUN_DIR" +chown --silent "$BIRD_RUN_USER:$BIRD_RUN_GROUP" "$BIRD_RUN_DIR" "$BIRD_LOG_FILE" chmod 775 "$BIRD_RUN_DIR" - :

Thoughts?

** Affects: bird (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1867934

Title:
  Updating bird.conf to point to non-syslog log file results in incorrect log ownership, no logs written, service failure
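
Review bot: In the first hunk (@@ -2,11 +2,13 @@), BIRD_LOG_FILE=/var/log/bird.log hardcodes in prepare-environment a path that is really chosen by the 'log' line in /etc/bird/bird.conf, so a configuration that logs to any other file is not covered by the touch and chown. Because the assignment sits above ". /etc/bird/envvars", envvars can override it; a comment saying so would make that usable. The added touch "$BIRD_LOG_FILE" also creates the file as root with whatever mode the umask gives, so setting the mode explicitly, as the script already does for the run directory with chmod 775 "$BIRD_RUN_DIR", would make the intended permissions clear.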
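
Review bot: In the second hunk (@@ -22,7 +24,6 @@), "$BIRD_LOG_FILE" is appended to a chown that runs with --silent, so if the ownership change on the log file fails, the script stops under set -eu without any message naming the path. Consider a separate chown for the log file without --silent so the failure is diagnosable from the unit's journal. The hunk also deletes the blank line before the final ":", which looks unrelated to the fix and could be left out.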
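
A check an administrator could run after pointing 'log' at a file, as an added example that is not part of the original report or the bird package: it reads the log "<path>" lines from a bird.conf and reports any log file that is missing or not owned by the run user. The function names and the sample config at the end are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the bug report or the bird package.

# Print every file path named by a 'log "<path>" ...;' line in a bird config.
# 'log syslog ...' and 'log stderr ...' lines and '#' comments do not match.
list_log_files() {
    sed -n -E 's/^[[:space:]]*log[[:space:]]+"([^"]+)".*$/\1/p' "$1"
}

# Owner name of a path, as ls reports it.
file_owner() {
    ls -ld -- "$1" | awk '{print $3}'
}

# check_log_owner CONF USER
# Prints one line per log file: OK, MISSING or WRONG-OWNER.
# Returns 1 if any file is missing or owned by someone other than USER.
check_log_owner() {
    conf=$1
    want=$2
    list_log_files "$conf" | (
        rc=0
        while IFS= read -r f; do
            if [ ! -e "$f" ]; then
                echo "MISSING $f"
                rc=1
                continue
            fi
            owner=$(file_owner "$f")
            if [ "$owner" = "$want" ]; then
                echo "OK $f"
            else
                echo "WRONG-OWNER $f owner=$owner want=$want"
                rc=1
            fi
        done
        exit "$rc"
    )
}

# Constructed sample: one syslog target and one file target in a temp dir.
demo_dir=$(mktemp -d)
printf '%s\n' 'log syslog all;' "log \"$demo_dir/bird.log\" all;" > "$demo_dir/bird.conf"
: > "$demo_dir/bird.log"
check_log_owner "$demo_dir/bird.conf" bird || echo "log file ownership needs fixing"
rm -rf "$demo_dir"
```

On a real host the call would be check_log_owner /etc/bird/bird.conf "$BIRD_RUN_USER" after sourcing /etc/bird/envvars.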