[Bug 1748147] Re: Upgrading systemd sets incorrect permissions on /var/log/
Seyeong Kim
seyeong.kim at canonical.com
Fri May 25 05:28:15 UTC 2018
** Tags added: sts-sru-needed
** Patch added: "lp1748147_xenial.debdiff"
https://bugs.launchpad.net/debhelper/+bug/1748147/+attachment/5144099/+files/lp1748147_xenial.debdiff
** Changed in: debhelper (Ubuntu)
Assignee: (unassigned) => Seyeong Kim (xtrusia)
** Description changed:
[Impact]
/var/log's Permission is going back to 755
after upgrading systemd
if there are rsyslog's configuration on /var/lib/tmpfiles.d/
+
+ Affected X, A, B, C
[Test Case]
1. deploy 16.04 vm
2. check ll /var (775)
3. apt install --reinstall systemd
4. check ll /var (755)
[Regression Potential]
This changes debhelper's override process. so if the other pkgs are using same technic like rsyslog pkg do, It should be changed like rsyslog
[Others]
For this issue, need to fix below pkgs
debhelper
systemd ( rebuilding with new debhelper is needed )
rsyslog ( 00rsyslog.conf to var.conf and location should be /etc/tmpfiles.d, to support override supported by debhelper )
[Original description]
Upgrading or reinstalling the systemd package when using rsyslogd
results in bad permissions (0755 instead of 0775) being set on
/var/log/. As a consequence of this, rsyslogd can no longer create new
files within this directory, resulting in lost log messages.
The default configuration of rsyslogd provided by Ubuntu runs the daemon
as syslog:syslog and sets ownership of /var/log to syslog:adm with mode
0775.
Systemd's default tmpfiles configuration sets /var/log to 0755 in
/usr/lib/tmpfiles.d/var.conf, however this is overridden in
/usr/lib/tmpfiles.d/00rsyslog.conf which is provided by package rsyslog.
It looks as though an upgrade of the systemd package fails to take
/usr/lib/tmpfiles.d/00rsyslog.conf into account, as demonstrated below.
This results in /var/log receiving mode 0755 instead of the expected
0775:
nick @ log2.be1.ams1:~ $ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
nick @ log2.be1.ams1:~ $ apt policy systemd
systemd:
Installed: 229-4ubuntu21.1
Candidate: 229-4ubuntu21.1
Version table:
*** 229-4ubuntu21.1 500
500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
100 /var/lib/dpkg/status
229-4ubuntu4 500
500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
nick @ log2.be1.ams1:~ $ apt policy rsyslog
rsyslog:
Installed: 8.16.0-1ubuntu3
Candidate: 8.16.0-1ubuntu3
Version table:
*** 8.16.0-1ubuntu3 500
500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
nick @ log2.be1.ams1:~ $ grep -F /var/log /usr/lib/tmpfiles.d/var.conf
d /var/log 0755 - - -
f /var/log/wtmp 0664 root utmp -
f /var/log/btmp 0600 root utmp -
nick @ log2.be1.ams1:~ $ cat /usr/lib/tmpfiles.d/00rsyslog.conf
# Override systemd's default tmpfiles.d/var.conf to make /var/log writable by
# the syslog group, so that rsyslog can run as user.
# See tmpfiles.d(5) for details.
# Type Path Mode UID GID Age Argument
d /var/log 0775 root syslog -
nick @ log2.be1.ams1:~ $ ls -ld /var/log
drwxrwxr-x 8 root syslog 4096 Feb 7 13:45 /var/log
nick @ log2.be1.ams1:~ $ sudo apt install --reinstall systemd
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 7 not upgraded.
Need to get 3,634 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 systemd amd64 229-4ubuntu21.1 [3,634 kB]
Fetched 3,634 kB in 0s (24.3 MB/s)
(Reading database ... 86614 files and directories currently installed.)
Preparing to unpack .../systemd_229-4ubuntu21.1_amd64.deb ...
Unpacking systemd (229-4ubuntu21.1) over (229-4ubuntu21.1) ...
Processing triggers for dbus (1.10.6-1ubuntu3.3) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up systemd (229-4ubuntu21.1) ...
addgroup: The group `systemd-journal' already exists as a system group. Exiting.
nick @ log2.be1.ams1:~ $ ls -ld /var/log
drwxr-xr-x 8 root syslog 4096 Feb 7 13:45 /var/log
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to debhelper in Ubuntu.
https://bugs.launchpad.net/bugs/1748147
Title:
Upgrading systemd sets incorrect permissions on /var/log/
Status in debhelper:
Fix Released
Status in debhelper package in Ubuntu:
New
Bug description:
[Impact]
/var/log's Permission is going back to 755
after upgrading systemd
if there are rsyslog's configuration on /var/lib/tmpfiles.d/
Affected X, A, B, C
[Test Case]
1. deploy 16.04 vm
2. check ll /var (775)
3. apt install --reinstall systemd
4. check ll /var (755)
[Regression Potential]
This changes debhelper's override process. so if the other pkgs are using same technic like rsyslog pkg do, It should be changed like rsyslog
[Others]
For this issue, need to fix below pkgs
debhelper
systemd ( rebuilding with new debhelper is needed )
rsyslog ( 00rsyslog.conf to var.conf and location should be /etc/tmpfiles.d, to support override supported by debhelper )
[Original description]
Upgrading or reinstalling the systemd package when using rsyslogd
results in bad permissions (0755 instead of 0775) being set on
/var/log/. As a consequence of this, rsyslogd can no longer create new
files within this directory, resulting in lost log messages.
The default configuration of rsyslogd provided by Ubuntu runs the
daemon as syslog:syslog and sets ownership of /var/log to syslog:adm
with mode 0775.
Systemd's default tmpfiles configuration sets /var/log to 0755 in
/usr/lib/tmpfiles.d/var.conf, however this is overridden in
/usr/lib/tmpfiles.d/00rsyslog.conf which is provided by package
rsyslog.
It looks as though an upgrade of the systemd package fails to take
/usr/lib/tmpfiles.d/00rsyslog.conf into account, as demonstrated
below. This results in /var/log receiving mode 0755 instead of the
expected 0775:
nick @ log2.be1.ams1:~ $ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
nick @ log2.be1.ams1:~ $ apt policy systemd
systemd:
Installed: 229-4ubuntu21.1
Candidate: 229-4ubuntu21.1
Version table:
*** 229-4ubuntu21.1 500
500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
100 /var/lib/dpkg/status
229-4ubuntu4 500
500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
nick @ log2.be1.ams1:~ $ apt policy rsyslog
rsyslog:
Installed: 8.16.0-1ubuntu3
Candidate: 8.16.0-1ubuntu3
Version table:
*** 8.16.0-1ubuntu3 500
500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
nick @ log2.be1.ams1:~ $ grep -F /var/log /usr/lib/tmpfiles.d/var.conf
d /var/log 0755 - - -
f /var/log/wtmp 0664 root utmp -
f /var/log/btmp 0600 root utmp -
nick @ log2.be1.ams1:~ $ cat /usr/lib/tmpfiles.d/00rsyslog.conf
# Override systemd's default tmpfiles.d/var.conf to make /var/log writable by
# the syslog group, so that rsyslog can run as user.
# See tmpfiles.d(5) for details.
# Type Path Mode UID GID Age Argument
d /var/log 0775 root syslog -
nick @ log2.be1.ams1:~ $ ls -ld /var/log
drwxrwxr-x 8 root syslog 4096 Feb 7 13:45 /var/log
nick @ log2.be1.ams1:~ $ sudo apt install --reinstall systemd
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 7 not upgraded.
Need to get 3,634 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 systemd amd64 229-4ubuntu21.1 [3,634 kB]
Fetched 3,634 kB in 0s (24.3 MB/s)
(Reading database ... 86614 files and directories currently installed.)
Preparing to unpack .../systemd_229-4ubuntu21.1_amd64.deb ...
Unpacking systemd (229-4ubuntu21.1) over (229-4ubuntu21.1) ...
Processing triggers for dbus (1.10.6-1ubuntu3.3) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up systemd (229-4ubuntu21.1) ...
addgroup: The group `systemd-journal' already exists as a system group. Exiting.
nick @ log2.be1.ams1:~ $ ls -ld /var/log
drwxr-xr-x 8 root syslog 4096 Feb 7 13:45 /var/log
To manage notifications about this bug go to:
https://bugs.launchpad.net/debhelper/+bug/1748147/+subscriptions
More information about the foundations-bugs
mailing list