I found one more packaging issue that becomes visible once the log
directory permissions are corrected.

After changing `/var/log/jetty9` to the permissions required for rsyslog
(`0770 jetty:adm`), the package's current logrotate configuration no
longer works.

Running:

```sh
sudo logrotate -f /etc/logrotate.d/jetty9
```

fails with:

```
error: skipping "/var/log/jetty9/jetty-console.log" because parent directory 
has insecure permissions (It's world writable or writable by group which is not 
"root") Set "su" directive in config file to tell logrotate which user/group 
should be used for rotation.
```

This is expected behaviour of logrotate. When the parent directory is
writable by a non-root group, logrotate refuses to operate unless an
explicit `su` directive is configured.

After adding:

```
su jetty adm
```

to the logrotate configuration, rotation succeeds normally.

Combined with the previously reported issue regarding:

```
create 640 jetty adm
```

(which should be `create 660 jetty adm` so that rsyslog can continue
writing after rotation), the package's logrotate configuration also
requires the appropriate `su` directive.

In other words, if the package is fixed by making `/var/log/jetty9`
writable by the `adm` group (which is necessary for rsyslog), the
logrotate configuration must be updated accordingly as well. Otherwise
log rotation will fail with the "parent directory has insecure
permissions" error.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2158988

Title:
  jetty9: LogsDirectory ownership prevents rsyslog from creating jetty-
  console.log

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/jetty9/+bug/2158988/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to