Mailing List Archive

On 27/04/2020 11:58, Brian Candler wrote:
>
> Just a small note.
>
> On a default Ubuntu 18.04 box with rsyslog-8.32.0, /var/log is owned
> by root:syslog mode 775.
>
> After upgrading to rsyslog-8.2002.0 from the adiscon PPA
> <https://launchpad.net/~adiscon/+archive/ubuntu/v8-stable>, /var/log
> is still owned root:syslog, but changes to mode 755.
>
> This means that the rsyslog daemon doesn't have permissions to create
> new files under /var/log.  This bit me on a scripted VM install, where
> I'd replaced rsyslog with the adiscon version, *before* rsyslog had a
> chance to create /var/log/syslog.
>
> Obviously it's easy enough to fix once you know the issue, but I just
> thought it was worth a mention in case anyone falls into this trap. 
> Or perhaps you could consider changing the mode of /var/log in the
> adiscon package to match the stock Ubuntu install.
>
FYI,

Thanks to This stackexchange posting I found the underlying problem:

https://unix.stackexchange.com/questions/377376/permissions-on-var-log-reset-on-boot

(1) On a stock Ubuntu system, the rsyslog package contains a file
/usr/lib/tmpfiles.d/00rsyslog.conf which sets the permissions correctly:

$ cat /usr/lib/tmpfiles.d/00rsyslog.conf
# Override systemd's default tmpfiles.d/var.conf to make /var/log
writable by
# the syslog group, so that rsyslog can run as user.
# See tmpfiles.d(5) for details.

# Type Path    Mode UID  GID  Age Argument
z /var/log 0775 root syslog -
z /var/log/auth.log 0640 syslog adm -
z /var/log/mail.err 0640 syslog adm -
z /var/log/mail.log 0640 syslog adm -
z /var/log/kern.log 0640 syslog adm -
z /var/log/syslog 0640 syslog adm -
d /var/spool/rsyslog 0700 syslog adm -

$ dpkg-query -S /usr/lib/tmpfiles.d/00rsyslog.conf
rsyslog: /usr/lib/tmpfiles.d/00rsyslog.conf

(2) On a system where rsyslog has been installed from the Adiscon PPA,
/usr/lib/tmpfiles.d/00rsyslog.conf does not exist.  The permissions are
instead set from a systemd default file:

$ grep -R '/var/log ' /usr/lib/tmpfiles.d
/usr/lib/tmpfiles.d/var.conf:d /var/log 0755 - - -

$ dpkg-query -S /usr/lib/tmpfiles.d/var.conf
systemd: /usr/lib/tmpfiles.d/var.conf

This means even if you set the permissions correctly by hand, when you
next reboot the system, the directory reverts to mode 755 - argh!

Anyway, just thought you might like to know.  If the Adison PPA is
Ubuntu-specific (which it appears to be, e.g.
"http://ppa.launchpad.net/adiscon/v8-stable/ubuntu bionic") then I think
it would be helpful to include this file in your packages.

Regards,

Brian Candler.

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

FWIW, here are some relevant GitHub issues/Pull Requests:

https://github.com/rsyslog/rsyslog-pkg-ubuntu/issues/61
https://github.com/rsyslog/rsyslog-pkg-ubuntu/pull/93

I made a few remarks on the PR as it looks like one of the paths is missing a leading slash.

-----Original Message-----
From: rsyslog <rsyslog-bounces@lists.adiscon.com> On Behalf Of Brian Candler via rsyslog
Sent: Saturday, June 6, 2020 11:40 AM
To: rsyslog@lists.adiscon.com
Cc: Brian Candler <b.candler@pobox.com>
Subject: Re: [rsyslog] rsyslog Ubuntu ppa: permissions on /var/log

On 27/04/2020 11:58, Brian Candler wrote:
>
> Just a small note.
>
> On a default Ubuntu 18.04 box with rsyslog-8.32.0, /var/log is owned
> by root:syslog mode 775.
>
> After upgrading to rsyslog-8.2002.0 from the adiscon PPA
> <https://launchpad.net/~adiscon/+archive/ubuntu/v8-stable>, /var/log
> is still owned root:syslog, but changes to mode 755.
>
> This means that the rsyslog daemon doesn't have permissions to create
> new files under /var/log.  This bit me on a scripted VM install, where
> I'd replaced rsyslog with the adiscon version, *before* rsyslog had a
> chance to create /var/log/syslog.
>
> Obviously it's easy enough to fix once you know the issue, but I just
> thought it was worth a mention in case anyone falls into this trap. 
> Or perhaps you could consider changing the mode of /var/log in the
> adiscon package to match the stock Ubuntu install.
>
FYI,

Thanks to This stackexchange posting I found the underlying problem:

https://unix.stackexchange.com/questions/377376/permissions-on-var-log-reset-on-boot

(1) On a stock Ubuntu system, the rsyslog package contains a file
/usr/lib/tmpfiles.d/00rsyslog.conf which sets the permissions correctly:

$ cat /usr/lib/tmpfiles.d/00rsyslog.conf
# Override systemd's default tmpfiles.d/var.conf to make /var/log
writable by
# the syslog group, so that rsyslog can run as user.
# See tmpfiles.d(5) for details.

# Type Path    Mode UID  GID  Age Argument
z /var/log 0775 root syslog -
z /var/log/auth.log 0640 syslog adm -
z /var/log/mail.err 0640 syslog adm -
z /var/log/mail.log 0640 syslog adm -
z /var/log/kern.log 0640 syslog adm -
z /var/log/syslog 0640 syslog adm -
d /var/spool/rsyslog 0700 syslog adm -

$ dpkg-query -S /usr/lib/tmpfiles.d/00rsyslog.conf
rsyslog: /usr/lib/tmpfiles.d/00rsyslog.conf

(2) On a system where rsyslog has been installed from the Adiscon PPA,
/usr/lib/tmpfiles.d/00rsyslog.conf does not exist.  The permissions are
instead set from a systemd default file:

$ grep -R '/var/log ' /usr/lib/tmpfiles.d
/usr/lib/tmpfiles.d/var.conf:d /var/log 0755 - - -

$ dpkg-query -S /usr/lib/tmpfiles.d/var.conf
systemd: /usr/lib/tmpfiles.d/var.conf

This means even if you set the permissions correctly by hand, when you
next reboot the system, the directory reverts to mode 755 - argh!

Anyway, just thought you might like to know.  If the Adison PPA is
Ubuntu-specific (which it appears to be, e.g.
"http://ppa.launchpad.net/adiscon/v8-stable/ubuntu bionic") then I think
it would be helpful to include this file in your packages.

Regards,

Brian Candler.

_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.