[Bug 1964881] Re: Logging/Log rotation does not work for catalina.out

Evren Yurtesen 1964881 at bugs.launchpad.net
Tue Jun 28 13:48:59 UTC 2022 

> In the current debian packaging of tomcat9 all its logs are consistent
in their ownership

Is there consistency? Because some other package like 'jetty9' is
writing as 'root:adm' while `tomcat9` package 'tomcat:adm'. So I can say
that between different packages, there is no consistency in who owns the
logs.

Yes, within the `/var/log/tomcat9` one can claim that the files are
owned by same 'user:group'. Therefore consistent. But I do not see what
positive effect does it bring?

It is actually not good that the logs are owned by `tomcat` user anyway,
at least from a security point. This is a user which executes a web
server. Can read own logs. So it would make more sense to go to
`root:adm` by default. Yes, there is the elephant in the room as
`tomcat` itself is writing logs there and there is no easy way to make
those logs unreadable by tomcat as it rotates them also. But that is
something we do not have to touch.

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1964881

Title:
  Logging/Log rotation does not work for catalina.out

Status in tomcat9 package in Ubuntu:
  Fix Released
Status in tomcat9 source package in Focal:
  Confirmed
Status in tomcat9 source package in Jammy:
  Confirmed

Bug description:
  In Ubuntu 20.04, with `tomcat9-9.0.31-1ubuntu0.1` (latest) package, `logrotated` is not able to write to `/var/log/tomcat/catalina.out`
  This could be fixed in a newer package but was not backported:
  https://bugs.launchpad.net/ubuntu/+source/tomcat9/+bug/1861881

  In Ubuntu 22.04, with `tomcat9-9.0.58-1` (latest)  package,
  `logrotated` is not able to rotate `/var/log/tomcat/catalina.out`

  Because the `catalina.out` is created with `syslog:adm` ownerships.
  `syslog` user does not have enough permissions to change this.

  This causes following error:

  rsyslogd: error during config processing: omfile: chown for file
  '/var/log/tomcat9/catalina.out' failed: Operation not permitted
  [v8.2112.0 try https://www.rsyslog.com/e/2207 ]

  At the same time, the  `/etc/logrotate.d/tomcat9` has `su tomcat adm`
  directive. Therefore the `logrotated` is not able to truncate the
  `/var/log/tomcat/catalina.out`

  This causes logrotate to copy the contents of `/var/log/tomcat/catalina.out` to as if it would be rotated. As `catalina.out` is never truncated, each rotated file ends up having the contents of `catalina.out` from the beginning of the tomcat installation. This causes the log sizes to keep increasing as no actual log rotation is being done.
  --- 
  ProblemType: Bug
  ApportVersion: 2.20.11-0ubuntu79
  Architecture: amd64
  CasperMD5CheckResult: pass
  DistroRelease: Ubuntu 22.04
  InstallationDate: Installed on 2022-02-27 (18 days ago)
  InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220121)
  Package: tomcat9 9.0.58-1
  PackageArchitecture: all
  ProcVersionSignature: Ubuntu 5.15.0-18.18-generic 5.15.12
  RebootRequiredPkgs: Error: path contained symlinks.
  Tags:  jammy
  Uname: Linux 5.15.0-18-generic x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: N/A
  _MarkForUpload: True

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tomcat9/+bug/1964881/+subscriptions

More information about the Ubuntu-sponsors mailing list