** Description changed:
+ [Impact]
+
+ MySQL's logrotate script fails due to permissions in folders where log
+ files are stored.
+
+ The fix for this should be backported to stable releases to allow log
+ rotation to complete normally as expected.
+
+ The bug is fixed by providing a su directive to the logrotate config to
+ run the script assuming the mysql user and adm group.
+
+ [Test Plan]
+
+ Prior to the fix, running
+
+ logrotate --force /etc/logrotate.d/mysql-server
+
+ will fail with the output
+
+ error: skipping "/var/log/mysql.log" because parent directory has
+ insecure permissions (It's world writable or writable by group which is
+ not "root") Set "su" directive in config file to tell logrotate which
+ user/group should be used for rotation.
+
+ After the fix, the rotation should succeed
+
+ [Where problems could occur]
+
+ Since logs have failed to rotate in noble and later, unexpected problems
+ could occur from the log rotation process.
+
+ [Other Info]
+
+ This issue was fixed in questing in 8.4.5-0ubuntu2.
+
+ Jammy and earlier releases are not affected due to the logrotate
+ permission requirements being updated later on.
+
+ The fix will be for the mysql-8.4 package in questing and plucky, and
+ mysql-8.0 in noble and oracular.
+
+ [Original Description]
+
The existing logrotate rules file:
/etc/logrotate.d/mysql-server:
# - I put everything in one block and added sharedscripts, so that mysql gets
- # flush-logs'd only once.
- # Else the binary logs would automatically increase by n times every day.
+ # flush-logs'd only once.
+ # Else the binary logs would automatically increase by n times every day.
# - The error log is obsolete, messages go to syslog now.
/var/log/mysql.log /var/log/mysql/*log {
daily
rotate 7
missingok
create 640 mysql adm
compress
sharedscripts
postrotate
test -x /usr/bin/mysqladmin || exit 0
# If this fails, check debian.conf!
MYADMIN="/usr/bin/mysqladmin
--defaults-file=/etc/mysql/debian.cnf"
if [ -z "`$MYADMIN ping 2>/dev/null`" ]; then
# Really no mysqld or rather a missing debian-sys-maint
user?
# If this occurs and is not a error please report a bug.
#if ps cax | grep -q mysqld; then
if killall -q -s0 -umysql mysqld; then
exit 1
fi
else
$MYADMIN flush-logs
fi
endscript
}
-
Causes logrotate to emit errors:
error: skipping "/var/log/mysql.log" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set
"su" directive in config file to tell logrotate which user/group should be used
for rotation.
-
However, we could update it with:
su mysql adm
first, which tells logrotate to rotate those files as the same use it is
asking it to create the files as.
** No longer affects: mysql-8.0 (Ubuntu Focal)
** No longer affects: mysql-8.0 (Ubuntu Jammy)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2112151
Title:
logrotate rules incomplete for mysql
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/2112151/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
