Where to post to fix a logrotate issue?

Question about an error, to find out where to re-post it

My YunoHost server

Hardware: computer
YunoHost version: 11.2.8.2 (stable).
I have access to my server: through SSH | through the webadmin | directly with a keyboard/screen | …
Are you in a special context, or have you made any particular modifications to your instance?: yes
If yes, explain: No idea, but it has been running for years, and at one point I tended to test things…

Description of the problem

I recently had a power outage at home. Fortunately everything shut down cleanly, but since this was my first reboot in months, I decided to take a look to see whether everything was fine.
And I found ONE problem:

~ journalctl -u logrotate.service
déc. 18 00:00:00 superserver.fr logrotate[374429]: error: Ignoring freshrss because it is writable by group or others.
déc. 18 00:00:00 superserver.fr logrotate[374429]: error: Ignoring jellyfin because it is writable by group or others.
déc. 18 00:00:00 superserver.fr logrotate[374429]: error: Ignoring scrutiny because it is writable by group or others.
déc. 18 00:00:00 superserver.fr logrotate[374429]: error: Ignoring vaultwarden because it is writable by group or others.
déc. 18 00:00:00 superserver.fr logrotate[374429]: error: Ignoring wallabag2 because it is writable by group or others.
déc. 18 00:00:04 superserver.fr logrotate[374429]: error: skipping "/var/log/matrix-synapse/homeserver.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
déc. 18 00:00:04 superserver.fr logrotate[374429]: error: skipping "/var/log/matrix-synapse/turnserver.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
déc. 18 00:00:04 superserver.fr systemd[1]: logrotate.service: Main process exited, code=exited, status=1/FAILURE

My question is not really "how do I fix this" but rather: "if I open a ticket, should it be at the YunoHost level, or one per app?"
(Or could it be that I broke everything myself at some point? (I don't think so; some of the affected applications were installed very recently.))

Maybe YunoHost, to add it as a tickbox for packaging requirements? The only overlap between my list of ignored apps and yours is Synapse:

# journalctl -u logrotate.service|head
-- Journal begins at Sun 2023-07-30 19:16:08 UTC, ends at Wed 2024-01-10 22:05:01 UTC. --
Aug 07 00:00:01 online systemd[1]: Starting Rotate log files...
Aug 07 00:00:01 online logrotate[933432]: error: Ignoring synapse because it is writable by group or others.
Aug 07 00:00:14 online systemd[1]: logrotate.service: Succeeded.
Aug 07 00:00:14 online systemd[1]: Finished Rotate log files.
Aug 08 00:00:01 online systemd[1]: Starting Rotate log files...
Aug 08 00:00:03 online logrotate[961595]: error: Ignoring synapse because it is writable by group or others.
Aug 08 00:00:16 online systemd[1]: logrotate.service: Succeeded.

All other apps have their configurations in /etc/logrotate.d set to world readable, but only root-writable:


# ls -hals /etc/logrotate.d/
total 140K
...
4.0K -rw-r--r--   1 root root  581 Dec 25 22:02 snappymail
4.0K -rw-r--r--   1 root root  581 Dec 13 11:02 spftoolbox
4.0K -rw-r--r--   1 root root  578 Sep  1 22:37 ssbroom
4.0K -rw-rw-rw-   1 root root  585 Oct 14 00:10 synapse
4.0K -rw-r--r--   1 root root  584 Dec 30 23:12 syncserver-rs
...

So, I think it is a property that is set at the app level.

It was fixed with "logrotate: fix generated config file perms" by OniriCorpe (Pull Request #1736, YunoHost/yunohost, GitHub).

So this should be resolved in the next update of the package!

For now you can fix this using those two commands:
chmod 644 /etc/logrotate.d/synapse
logrotate -v /etc/logrotate.d/synapse

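An audit for the two conditions reported in the journal output in this thread: config files writable by group or others, and log directories that are world-writable or writable by a group other than root. This is an added example, not part of the original posts or of YunoHost's code; the function names, the `CONF_DIR` variable and the `--audit` argument are assumptions, and the fixer is a dry run unless told to apply.

```shell
#!/bin/sh
# Added example (not from the thread). CONF_DIR and all function names are
# assumptions chosen for illustration.
CONF_DIR="${CONF_DIR:-/etc/logrotate.d}"

# List config files logrotate reports as "writable by group or others".
ignored_configs() {
    find "$1" -maxdepth 1 -type f \( -perm -020 -o -perm -002 \) | sort
}

# Exit 0 if a log directory matches the "insecure permissions" message:
# world-writable, or writable by a group other than root (gid 0).
insecure_log_dir() {
    [ -n "$(find "$1" -maxdepth 0 \( -perm -002 -o \( -perm -020 ! -group 0 \) \))" ]
}

# Drop the group/other write bits (0666 becomes 0644, as in the chmod above).
# Dry run by default; pass "apply" as the second argument to change modes.
fix_configs() {
    ignored_configs "$1" | while IFS= read -r f; do
        if [ "${2:-}" = "apply" ]; then
            chmod go-w "$f" && echo "fixed: $f"
        else
            echo "would run: chmod go-w $f"
        fi
    done
}

# Run against the real directory only when asked: sh <this script> --audit
if [ "${1:-}" = "--audit" ]; then
    fix_configs "$CONF_DIR"
    for d in /var/log/*/; do
        if insecure_log_dir "$d"; then echo "insecure log dir: $d"; fi
    done
fi
```

For a directory flagged by `insecure_log_dir`, the logrotate message itself names the remedy: a `su` directive in that app's config telling logrotate which user and group to rotate as.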