From: Petr Vorel <pvorel@suse.cz>
To: Po-Hsu Lin <po-hsu.lin@canonical.com>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] [PATCH] logrotate: fix permission issue on Ubuntu
Date: Wed, 19 Jun 2024 18:31:26 +0200 [thread overview]
Message-ID: <20240619163126.GA493392@pevik> (raw)
In-Reply-To: <20240613075348.696575-1-po-hsu.lin@canonical.com>
> When running this logrotate test on Ubuntu, the test will fail with:
> logrotate_tests 2 TINFO: sleep 1 min to wait for rotating logs
> logrotate_tests 2 TFAIL: [ -f /var/log/tst_largelogfile.1.gz ] failed unexpectedly
> logrotate_tests 2 TFAIL: Failed to create a compressed file
> Look more closely to what this test is trying to do we will see there
> are two issues here in the tst_largelog.conf:
> 1. "include /etc/logrotate.d"
> This will rotate other log files defined here, since we are just testing
> the log rotation capibility I think there is no need to rotate log files
> other than the one for this test.
> 2. Permission issue on Ubuntu
Is it only Ubuntu or also Debian? Or, wouldn't be better to add permissions
regardless the system?
> Trying to rotate the target file on Ubuntu will cause the following error:
> error: skipping "/var/log/tst_largelogfile" because parent directory has
> insecure permissions (It's world writable or writable by group which
> is not "root") Set "su" directive in config file to tell logrotate
> which user/group should be used for rotation.
> Solution is to add an extra line with the user and group information of
> the /var/log directory. This change has been limited to Ubuntu to prevent
> causing regression on other OS.
> Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
> ---
> testcases/commands/logrotate/logrotate_tests.sh | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
> diff --git a/testcases/commands/logrotate/logrotate_tests.sh b/testcases/commands/logrotate/logrotate_tests.sh
> index 1f3e61294..4506ab5c6 100755
> --- a/testcases/commands/logrotate/logrotate_tests.sh
> +++ b/testcases/commands/logrotate/logrotate_tests.sh
> @@ -90,14 +90,17 @@ test1()
> test2()
> {
> + permission=""
missing keyboard local (it.d be local permission, ="" not needed). But it's
better to put it into setup function to be executed only once (one can run kind
of stress tests with -i1000, permission detection will be needed only once.
> + if `grep -q 'NAME="Ubuntu"' /etc/os-release 2>/dev/null`; then
`` are not needed. Also grepping ID would be slightly more readable:
> + permission="su `stat -c "%U %G" /var/log`"
Do we really need to use su? It would have to be installed and configured.
IMHO it should be OK to to run stat without su.
> + fi
> cat >tst_largelog.conf <<-EOF
> # create new (empty) log files after rotating old ones
> create
> # compress the log files
> compress
> - # RPM packages drop log rotation information into this directory
> - include /etc/logrotate.d
> /var/log/tst_largelogfile {
> + $permission
> rotate 5
> size=2k
> }
I propose these changes over your patch. Could you please test it?
+++ testcases/commands/logrotate/logrotate_tests.sh
@@ -25,8 +25,18 @@ TST_NEEDS_CMDS="crontab file grep logrotate"
TST_TESTFUNC=test
TST_NEEDS_TMPDIR=1
TST_CNT=2
+TST_SETUP=setup
TST_CLEANUP=cleanup
+PERMISSION=
+
+setup()
+{
+ if grep 'ID=ubuntu' /etc/os-release 2>/dev/null; then
+ PERMISSION="$(stat -c "%U %G" /var/log)"
+ fi
+}
+
cleanup()
{
(crontab -l | grep -v tst_largelog) | crontab -
@@ -90,17 +100,13 @@ test1()
test2()
{
- permission=""
- if `grep -q 'NAME="Ubuntu"' /etc/os-release 2>/dev/null`; then
- permission="su `stat -c "%U %G" /var/log`"
- fi
cat >tst_largelog.conf <<-EOF
# create new (empty) log files after rotating old ones
create
# compress the log files
compress
/var/log/tst_largelogfile {
- $permission
+ $PERMISSION
rotate 5
size=2k
}
---
Or, even without condition on PERMISSION.
With these changes, you may add.
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Kind regards,
Petr
+++ testcases/commands/logrotate/logrotate_tests.sh
@@ -21,7 +21,7 @@
# - Add messages to the logfile until it gets rotated when a re-dittermined size
# is reached.
-TST_NEEDS_CMDS="crontab file grep logrotate"
+TST_NEEDS_CMDS="crontab file grep logrotate stat"
TST_TESTFUNC=test
TST_NEEDS_TMPDIR=1
TST_CNT=2
@@ -32,9 +32,7 @@ PERMISSION=
setup()
{
- if grep 'ID=ubuntu' /etc/os-release 2>/dev/null; then
- PERMISSION="$(stat -c "%U %G" /var/log)"
- fi
+ PERMISSION="$(stat -c "%U %G" /var/log)"
}
cleanup()
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2024-06-19 16:31 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-13 7:53 [LTP] [PATCH] logrotate: fix permission issue on Ubuntu Po-Hsu Lin
2024-06-19 16:31 ` Petr Vorel [this message]
2024-06-20 3:12 ` Po-Hsu Lin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240619163126.GA493392@pevik \
--to=pvorel@suse.cz \
--cc=ltp@lists.linux.it \
--cc=po-hsu.lin@canonical.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.