Please don't change permissions of /var/log/lighttpd during upgrade

Bug #109559 reported by PowerUser on 2007-04-24
36
This bug affects 4 people
Affects Status Importance Assigned to Milestone
lighttpd (Ubuntu)
Medium
Unassigned

Bug Description

Initiall configuration:
 Kubuntu 6.10 for AMD64 with all updates installed.
 I did installed lighttpd 1.4.13 from repository, adjusted config to suite my needs, etc.It worked perfectly, started on system boot automatically, etc.

My actions to cause bug:
 Updater has offered to download system upgrade of 6.10 to 7.04, I agreed and processed with system upgrade.
 During upgrade wizard has asked if I want to keep lighttpd settings (it's config file lighttpd.conf) during upgrade.Replied "Yes" so it has been kept.

Result:
 Now, in Kubuntu 7.04 lighttpd is no longer starts on system boot.Looks all init scripts are remained here so it is strange.Also other daemons including those manually added to boot sequence by hands are starting.I really have no idea why lighttpd no longer starts.Ideas are welcome.

Marco Rodrigues (gothicx) wrote :

I think you need to remove apache2...

PowerUser (i-am-sergey) wrote :

There is no apache at all.But I tracked problem down and fixed it.Here it comes.

I did run lighttpd under custom non-default user I'd created myself.All worked fine, startup script launches lighttpd as root but I pointed out to server to change to restricted user upon startup (in it's config file I used server.username and server.groupname to switch to restricted user).

During upgrade, owner and group of (existing and not empty!) lighttpd logs folder (/var/log/lighttpd) were changed for unknown reason to another user (intended to run www server but hey, I already had another user for this purpose!).Once server worked as restricted user and logs folder has been assigned to another owner\group, server was unable to write log file due to lack of permissions and exited due to this fact.

So, I have to ask: why updater has to alter owner and group of already existing and non-empty folder during system upgrade?Imho it should be left as is (or at least, you have to change owner after confirmation since this potentially may affect server's operations).

Anyway, not a serious issue - those who run servers have to be smart a bit or better do not run servers othervice.

Michael Vogt (mvo) wrote :

Thanks for this additional information.

I reassign to libhttpd as this package is responsible for any changes in /var/log/lighttpd

Changed in lighttpd:
importance: Undecided → Wishlist
status: Unconfirmed → Confirmed
Stephan Ruegamer (sadig) wrote :

I set this to invalid...because:
user www-data, group www-data is the default user/group for webservers in debian/ubuntu.
Changing this is an individual task and the server administrator should know about this issue and handle updates/upgrades more carefully.

Regards,

\sh

Changed in lighttpd:
status: Confirmed → Invalid
PowerUser (i-am-sergey) wrote :

Reopened, sorry.Resolution not seems to be acceptable for me, that's why...

1) I see no any valid reasons why updater should want to touch my (pre-existing and non-empty) logs directory (/var/logs/lighttpd) on working server.It already exists.It works.Logs are not part of package but a runtime-generated data and if server works, things are definitely tuned to do work right.Why the hell should updater then mess things up?I can understand if I'm installing package from scratch and there is no directory - ok to create new one with defaults.But changing parameters of pre-existing directories during update without a strong reason is a very bad idea, IMHO.

2) Touching logs directory of working server when it's not empty (during update) in best case will do exactly nothing.In not so lucky case it will sabotage lighttpd server's operation or do whatever else system administrator hardly will like.So, what is gained here, then? I'm thinking this operation on update is utterly stupid.

3) Non-default user may be convenient in some cases.Like it was in my one.

4) As a system administrator I want to trust to Ubuntu's installer and updater, up to level when scheduled updates are applied automatically in some cases when I can't manage things manually immediately.Right now this may lead to very poor experience.Updater is definitely not expected to apply destructive (but useless) changes to my system.

P.S. actually, such behavior caused some real server outage (not critical one, luckily).While I can read any documentation, this will not change the fact that installer does meaningless but destructive action which sabotages server's normal operation.Do you really expect I will use such system with so "competent" repositories maintenance on some critical servers, then?Will try to reopen bug since it's pretty annoying.

Changed in lighttpd:
status: Invalid → New
PowerUser (i-am-sergey) wrote :

Note: this annoying and unfair issue happens each time lighttpd is updated.Not just during OS updates but also during regular package updates during use of Kubuntu 7.04 and 7.10.

Daniel Hahler (blueyed) on 2008-04-23
Changed in lighttpd:
status: New → Triaged
Daniel Hahler (blueyed) wrote :

This seems to be related: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=406338 ("~ is readable by www-data", complaining about too wide permissions).

Anyway, it might be a good idea to forward this issue to Debian.

Brian Ziman (ubug) wrote :

The trouble here is that the user lighttpd runs as is configured from lighttpd.conf. The server supports running as the specified user.

For a new installation, I can understand how the package might assume a particular user, but once the system is installed, updates need to honor the configuration. If a package is already installed, it's a good bet that you shouldn't screw with the permissions and users associated with that package, during an upgrade. That means, don't re-create the www-data user, sure as hell don't give it a shell, and don't change the ownership of related files.

The package scripts could always grep out server.username from /etc/lighttpd/lighttpd.conf, but you shouldn't just assume www-data, and stomp all over an existing configuration.

Brian Ziman (ubug) wrote :

Also, I'd like to propose that since this prevents a server from restarting after a security update in a production environment, that it be promoted from "wishlist" to a real severity. I'm new here, so I won't make that change myself... but I highly encourage someone with real authority to do so.

Daniel Hahler (blueyed) on 2009-04-06
Changed in lighttpd (Ubuntu):
importance: Wishlist → Medium
Olaf van der Spek (olafvdspek) wrote :

"chown www-data:www-data /var/log/lighttpd" is done unconditionally in postinst.
It should only be done when that dir is created for the first time, but I've no idea how to implement that.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.