Ubuntu
logrotate package

logrotate config uses syslog group

Bug #1644996 reported by Zsolt Ero
70
This bug affects 11 people
Affects Status Importance Assigned to Milestone
logrotate (Ubuntu)
Fix Released
Undecided
Unassigned
Bionic
Confirmed
Undecided
Unassigned
Cosmic
Confirmed
Undecided
Unassigned

Bug Description

The default logrotate config uses the "syslog" group.

> # use the syslog group by default, since this is the owning group
> # of /var/log/syslog.
> su root syslog

This is not correct anymore since 16.04, because:

1. "syslog" group doesn't exist on a stock Ubuntu 16.04 system, it only gets installed via rsyslog
2. The owning group is actually "adm".

This results in logrotate terminating with the following error during cron.daily run:

run-parts -v /etc/cron.daily
run-parts: executing /etc/cron.daily/logrotate
error: /etc/logrotate.conf:7 unknown group 'syslog'

And can be fixed by changing syslog to adm group.

This is not present when rsyslog is installed, but only because that package creates the syslog group. This is a common bug in lighter environments, like Docker, where syslog-ng is a common choice instead of rsyslog, like in this issue:
https://github.com/phusion/baseimage-docker/issues/338

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in logrotate (Ubuntu):
status: New → Confirmed
Revision history for this message
Markus Zoeller (markus_z) (mzoeller) wrote :

As mentioned in the original description, another workaround is:
```
apt install -y rsyslog
```

Revision history for this message
Mantas Kriaučiūnas (mantas) wrote :

This bug doesn't exist in Debian, it's only Ubuntu related workaround for Ubuntu 14.04 (Trusty), see LP bug #1258202

logrotate (3.8.6-1ubuntu2) trusty; urgency=low
  * debian/logrotate.conf: use group 'syslog' by default when rotating logs,
    otherwise logrotate will refuse to rotate logs in /var/log whose owning
    group is now syslog instead of root. LP: #1258202.

 -- Steve Langasek <email address hidden> Thu, 05 Dec 2013 10:35:47 -0800

Ubuntu developers, please change /etc/logrotate.conf line
su root syslog
to
su root adm

Or maybe we can remove this line from /etc/logrotate.conf , because in Debian logrotate package there are no such line since 2013 ...

tags: added: bionic regression-release xenial
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package logrotate - 3.14.0-4ubuntu3

---------------
logrotate (3.14.0-4ubuntu3) disco; urgency=medium

  * Fix typo in 'adm' group name.

logrotate (3.14.0-4ubuntu2) disco; urgency=medium

  * Use group 'adm' instead of 'syslog' when rotating logs. LP: #1644996.

 -- Dimitri John Ledkov <email address hidden> Mon, 21 Jan 2019 10:11:39 +0000

Changed in logrotate (Ubuntu):
status: Confirmed → Fix Released
Revision history for this message
Mantas Kriaučiūnas (mantas) wrote :

Dimitri John Ledkov, thanks for fixing, it would be nice if fix appear in LTS releases too, at least in Ubuntu 18.04 "Bionic"

Mantas Kriaučiūnas (mantas)
tags: added: rls-bb-incoming
Brian Murray (brian-murray)
tags: removed: rls-bb-incoming
Brian Murray (brian-murray)
tags: added: rls-bb-notfixing rls-cc-notfixing
Revision history for this message
Mantas Kriaučiūnas (mantas) wrote :

@brian-murray , why you added "rls-bb-notfixing"? logrotate doesn't work at all in lots lxd containers because of this bug, lots of users are affected, why don't accept this one line patch into LTS releases

Revision history for this message
Steve Langasek (vorlon) wrote :

What lxd containers are affected?

$ lxc launch ubuntu:bionic syslog-test
Creating syslog-test
Starting syslog-test
$ sudo lxc exec syslog-test -- getent group syslog
syslog:x:106:
$

The rsyslog package is a Recommends: of the ubuntu-minimal package, which means that all images which Ubuntu produces will have this group present with the exception of the base tarball (on which the docker images are based), and the minimal image flavors (which includes a minimal lxd rootfs, but this is not currently published to streams).

So how do you have "lots of lxd containers" affected y this?

Revision history for this message
Mantas Kriaučiūnas (mantas) wrote :

Steve Langasek (vorlon), yes lots of Ubuntu users, including me have lots of containers (based on ubuntu-minimal - Ubuntu developers created "Minimal" LXC container image without rsyslog package by default), see ubuntu-18.04-minimal-cloudimg-amd64.manifest:

https://cloud-images.ubuntu.com/minimal/releases/bionic/release/ubuntu-18.04-minimal-cloudimg-
amd64.manifest

Also see these posts and work-arounds for example:

http://www.markusz.io/posts/2017/09/29/logrotate/#known-issues
https://github.com/sameersbn/docker-gitlab/issues/1544#issuecomment-373366621
https://gitlab.timmertech.nl/docker/gitlab/commit/428e37a821f94af03e72201420ee2874be8834b4

Revision history for this message
Steve Langasek (vorlon) wrote : Re: [Bug 1644996] Re: logrotate config uses syslog group

On Thu, Jan 31, 2019 at 01:48:06PM -0000, Mantas Kriaučiūnas wrote:
> Steve Langasek (vorlon), yes lots of Ubuntu users, including me have
> lots of containers (based on ubuntu-minimal - Ubuntu developers created
> "Minimal" LXC container image without rsyslog package by default), see
> ubuntu-18.04-minimal-cloudimg-amd64.manifest:

> https://cloud-images.ubuntu.com/minimal/releases/bionic/release/ubuntu-18.04-minimal-cloudimg-
> amd64.manifest

I know exactly what we are producing, I was personally involved in the
development of the minimal images. Which is why I am disputing the idea
that "lots of users" are consuming the minimal images in lxd today, because
I know they are not currently published in a form that is consumed by the
lxd client automatically.

> https://github.com/sameersbn/docker-gitlab/issues/1544#issuecomment-373366621
> https://gitlab.timmertech.nl/docker/gitlab/commit/428e37a821f94af03e72201420ee2874be8834b4

These are about docker, not about lxd. docker and lxd are completely
separate technologies that use completely separate images.

If what you are running is docker containers, then running a syslog daemon
(default or otherwise) and a log rotater inside the container is a corner
case with a straightforward workaround (create the group when you create
your docker image). This does not constitute a high priority issue for
SRUing.

If what you are running is lxd containers, you haven't answered my question
of how you are doing this.

Revision history for this message
Steve Langasek (vorlon) wrote :

Note that 'rls-bb-notfixing' is a statement that the Foundations Team does not intend to work on this SRU. It is not a statement that an SRU would be rejected.

Revision history for this message
Dominik Springer (dominik-springer) wrote :

Having journald in place, rsyslog is no longer strictly necessary, so I would suggest to stop assuming that rsyslog will be in installed.

Revision history for this message
WGH (wgh) wrote :

At least one cloud provider builds its Ubuntu 18.04 images without rsyslog.

https://github.com/scaleway/image-ubuntu/issues/138

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in logrotate (Ubuntu Bionic):
status: New → Confirmed
Changed in logrotate (Ubuntu Cosmic):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.