Bug 36621 - /etc/cron.d/php5 spams sysadmin
/etc/cron.d/php5 spams sysadmin
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: General
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 4.0-0-errata
Assigned To: Felix Botner
Janek Walkenhorst
https://bugs.debian.org/cgi-bin/bugre...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-11-12 21:25 CET by Janis Meybohm
Modified: 2015-02-04 15:55 CET (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Janis Meybohm univentionstaff 2014-11-12 21:25:40 CET
php5-common: 5.4.4-14.204.201411010701

The cronjob /etc/cron.d/php5 spams admin every 30 minutes

---
find: invalid argument `-delete' to `-cmin'
---

Looks like https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759195
Comment 1 Janis Meybohm univentionstaff 2014-11-20 18:22:55 CET
Workaround:

# sh /usr/lib/php5/maxlifetime
PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php5/20100525+lfs/pam_auth.so' - /usr/lib/php5/20100525+lfs/pam_auth.so: cannot open shared object file: No such file or directory in Unknown on line 0

# rgrep pam_auth /etc/php5/*
/etc/php5/conf.d/pam_auth.ini:extension=pam_auth.so
root@lsau:~# dpkg -S /etc/php5/conf.d/pam_auth.ini
php5-auth-pam: /etc/php5/conf.d/pam_auth.ini


# dpkg -l php5-auth-pam 
rc  php5-auth-pam                           0.4-10.2.201104301050


# sh /usr/lib/php5/maxlifetime
24
Comment 2 Janis Meybohm univentionstaff 2014-11-21 08:09:35 CET
(In reply to Janis Meybohm from comment #1)

As "maxlifetime" is run with sh -x, this is not enough:

for sapi in apache2 apache2filter cgi fpm;
do
  echo "/etc/php5/${sapi}/php.ini"
  php5 -c /etc/php5/${sapi}/php.ini \
    -d "display_errors=On" \
    -d "display_startup_errors=On" \
    -r 'print ini_get("session.gc_maxlifetime");'
done

That shows (as least for me) three old configuration directives in "/etc/php5/apache2/php.ini" which I needed to remove one after the other (rerunning the above loop to get the next error):

Fatal error: Directive 'allow_call_time_pass_reference' is no longer available in PHP in Unknown on line 0
Fatal error: Directive 'magic_quotes_gpc' is no longer available in PHP in Unknown on line 0
Fatal error: Directive 'register_long_arrays' is no longer available in PHP in Unknown on line 0


There also is a "/etc/php5/apache2/php.ini.ucf-dist" that does not contain the problematic directives. Maybe a merge has gone wrong at some time between 3.0-1 and 4.0
Comment 3 Philipp Hahn univentionstaff 2015-01-28 10:20:08 CET
I only fixed the surface problem (cron sending mail), not the deeper problem (broken php5 config): The Debian supplied script debian/maxlifetime is using »set -e«, which terminates the script on the first failing »conf=$(php5...)« invocation. I converted that to follow the example from the second look, where »2>/dev/null || true« is used.
$ repo_admin.py --cherrypick --release 4.0-0-0 --releasedest 4.0-0-0 --dest errata4.0-0 -p php5
r14261 | Bug #36621 php5: Silence maxlifetime
r14263 | Bug #36621 php5: Silence maxlifetime

Package: php5
Version: 5.4.4-14.208.201501280731
Branch: ucs_4.0-0
Scope: errata4.0-0

r57618 | Bug #36621 php5: Silence maxlifetime YAML
r57619 | Bug #36621 php5: Silence maxlifetime YAML
 2015-01-28-php5.yaml
Comment 4 Janek Walkenhorst univentionstaff 2015-01-30 18:06:10 CET
The cron job is not changed on upgrade.
Comment 5 Felix Botner univentionstaff 2015-02-02 13:40:23 CET
(In reply to Janek Walkenhorst from comment #4)
> The cron job is not changed on upgrade.

Not the cron job was modified but the maxlifetime script /usr/lib/php5/maxlifetime (which is called by the cron job).

If i break my php5 conf with

 /etc/php5/conf.d/pam_auth.ini 
 extension=pam_auth.so

and

 /etc/php5/apache2/php.ini
 allow_call_time_pass_reference = On

maxlifetime complains:

-> more /etc/cron.d/php5 
# /etc/cron.d/php5: crontab fragment for php5
#  This purges session files older than X, where X is defined in seconds
#  as the largest value of session.gc_maxlifetime from all your php.ini
#  files, or 24 minutes if not defined.  See /usr/lib/php5/maxlifetime

# Look for and purge old sessions every 30 minutes
09,39 *     * * *     root   [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/
lib/php5 $(/usr/lib/php5/maxlifetime)

-> /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime)
PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php5/20100525/pam_auth.so' - /usr/lib/php5/20100525/pam_auth.so: cannot open shared object file: No such file or directory in Unknown on line 0
PHP Fatal error:  Directive 'allow_call_time_pass_reference' is no longer available in PHP in Unknown on line 0
find: Ungültiges Argument -delete für "-cmin".

With the modified php5 package from errata4.0-0 the maxlifetime script redirects those PHP warnings to /dev/null

-> /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime)

-> /usr/lib/php5/maxlifetime
24
Comment 6 Janek Walkenhorst univentionstaff 2015-02-02 17:43:56 CET
(In reply to Felix Botner from comment #5)
> (In reply to Janek Walkenhorst from comment #4)
> > The cron job is not changed on upgrade.
> Not the cron job was modified but the maxlifetime script
> /usr/lib/php5/maxlifetime (which is called by the cron job).
Indeed it was, I was confused.


Patch review: OK
Issue fixed: OK
Advisory: OK
Comment 7 Janek Walkenhorst univentionstaff 2015-02-04 15:55:14 CET
<http://errata.univention.de/ucs/4.0/70.html>