logrotate config uses syslog group

Bug #1644996 reported by Zsolt Ero on 2016-11-26
60
This bug affects 10 people
Affects Status Importance Assigned to Milestone
logrotate (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Unassigned
Cosmic
Undecided
Unassigned

Bug Description

The default logrotate config uses the "syslog" group.

> # use the syslog group by default, since this is the owning group
> # of /var/log/syslog.
> su root syslog

This is not correct anymore since 16.04, because:

1. "syslog" group doesn't exist on a stock Ubuntu 16.04 system, it only gets installed via rsyslog
2. The owning group is actually "adm".

This results in logrotate terminating with the following error during cron.daily run:

run-parts -v /etc/cron.daily
run-parts: executing /etc/cron.daily/logrotate
error: /etc/logrotate.conf:7 unknown group 'syslog'

And can be fixed by changing syslog to adm group.

This is not present when rsyslog is installed, but only because that package creates the syslog group. This is a common bug in lighter environments, like Docker, where syslog-ng is a common choice instead of rsyslog, like in this issue:
https://github.com/phusion/baseimage-docker/issues/338

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in logrotate (Ubuntu):
status: New → Confirmed

As mentioned in the original description, another workaround is:
```
apt install -y rsyslog
```

Mantas Kriaučiūnas (mantas) wrote :

This bug doesn't exist in Debian, it's only Ubuntu related workaround for Ubuntu 14.04 (Trusty), see LP bug #1258202

logrotate (3.8.6-1ubuntu2) trusty; urgency=low
  * debian/logrotate.conf: use group 'syslog' by default when rotating logs,
    otherwise logrotate will refuse to rotate logs in /var/log whose owning
    group is now syslog instead of root. LP: #1258202.

 -- Steve Langasek <email address hidden> Thu, 05 Dec 2013 10:35:47 -0800

Ubuntu developers, please change /etc/logrotate.conf line
su root syslog
to
su root adm

Or maybe we can remove this line from /etc/logrotate.conf , because in Debian logrotate package there are no such line since 2013 ...

tags: added: bionic regression-release xenial
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package logrotate - 3.14.0-4ubuntu3

---------------
logrotate (3.14.0-4ubuntu3) disco; urgency=medium

  * Fix typo in 'adm' group name.

logrotate (3.14.0-4ubuntu2) disco; urgency=medium

  * Use group 'adm' instead of 'syslog' when rotating logs. LP: #1644996.

 -- Dimitri John Ledkov <email address hidden> Mon, 21 Jan 2019 10:11:39 +0000

Changed in logrotate (Ubuntu):
status: Confirmed → Fix Released
Mantas Kriaučiūnas (mantas) wrote :

Dimitri John Ledkov, thanks for fixing, it would be nice if fix appear in LTS releases too, at least in Ubuntu 18.04 "Bionic"

tags: added: rls-bb-incoming
tags: removed: rls-bb-incoming
tags: added: rls-bb-notfixing rls-cc-notfixing
Mantas Kriaučiūnas (mantas) wrote :

@brian-murray , why you added "rls-bb-notfixing"? logrotate doesn't work at all in lots lxd containers because of this bug, lots of users are affected, why don't accept this one line patch into LTS releases

Steve Langasek (vorlon) wrote :

What lxd containers are affected?

$ lxc launch ubuntu:bionic syslog-test
Creating syslog-test
Starting syslog-test
$ sudo lxc exec syslog-test -- getent group syslog
syslog:x:106:
$

The rsyslog package is a Recommends: of the ubuntu-minimal package, which means that all images which Ubuntu produces will have this group present with the exception of the base tarball (on which the docker images are based), and the minimal image flavors (which includes a minimal lxd rootfs, but this is not currently published to streams).

So how do you have "lots of lxd containers" affected y this?

Mantas Kriaučiūnas (mantas) wrote :

Steve Langasek (vorlon), yes lots of Ubuntu users, including me have lots of containers (based on ubuntu-minimal - Ubuntu developers created "Minimal" LXC container image without rsyslog package by default), see ubuntu-18.04-minimal-cloudimg-amd64.manifest:

https://cloud-images.ubuntu.com/minimal/releases/bionic/release/ubuntu-18.04-minimal-cloudimg-
amd64.manifest

Also see these posts and work-arounds for example:

http://www.markusz.io/posts/2017/09/29/logrotate/#known-issues
https://github.com/sameersbn/docker-gitlab/issues/1544#issuecomment-373366621
https://gitlab.timmertech.nl/docker/gitlab/commit/428e37a821f94af03e72201420ee2874be8834b4

On Thu, Jan 31, 2019 at 01:48:06PM -0000, Mantas Kriaučiūnas wrote:
> Steve Langasek (vorlon), yes lots of Ubuntu users, including me have
> lots of containers (based on ubuntu-minimal - Ubuntu developers created
> "Minimal" LXC container image without rsyslog package by default), see
> ubuntu-18.04-minimal-cloudimg-amd64.manifest:

> https://cloud-images.ubuntu.com/minimal/releases/bionic/release/ubuntu-18.04-minimal-cloudimg-
> amd64.manifest

I know exactly what we are producing, I was personally involved in the
development of the minimal images. Which is why I am disputing the idea
that "lots of users" are consuming the minimal images in lxd today, because
I know they are not currently published in a form that is consumed by the
lxd client automatically.

> https://github.com/sameersbn/docker-gitlab/issues/1544#issuecomment-373366621
> https://gitlab.timmertech.nl/docker/gitlab/commit/428e37a821f94af03e72201420ee2874be8834b4

These are about docker, not about lxd. docker and lxd are completely
separate technologies that use completely separate images.

If what you are running is docker containers, then running a syslog daemon
(default or otherwise) and a log rotater inside the container is a corner
case with a straightforward workaround (create the group when you create
your docker image). This does not constitute a high priority issue for
SRUing.

If what you are running is lxd containers, you haven't answered my question
of how you are doing this.

Steve Langasek (vorlon) wrote :

Note that 'rls-bb-notfixing' is a statement that the Foundations Team does not intend to work on this SRU. It is not a statement that an SRU would be rejected.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.