Univention Bugzilla – Full Text Bug Listing

| Summary: | logrotate does not cover radius_ntlm_auth.log | | |
|---|---|---|---|
| Product: | UCS | Reporter: | Sönke Schwardt-Krummrich <schwardt> |
| Component: | Radius | Assignee: | Julia Bremer <bremer> |
| Status: | CLOSED FIXED | QA Contact: | Sönke Schwardt-Krummrich <schwardt> |
| Severity: | normal | | |
| Priority: | P5 | CC: | bremer, damrose, markus.daehlmann, mathieu.simon |
| Version: | UCS 4.4 | | |
| Target Milestone: | UCS 4.4-3-errata | | |
| Hardware: | Other | | |
| OS: | Linux | | |
| See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=50971 | | |
| What kind of report is it?: | Bug Report | What type of bug is this?: | 4: Minor Usability: Impairs usability in secondary scenarios |
| Who will be affected by this bug?: | 2: Will only affect a few installed domains | How will those affected feel about the bug?: | 2: A Pain – users won’t like this once they notice it |
| User Pain: | 0.091 | Enterprise Customer affected?: | |
| School Customer affected?: | Yes | ISV affected?: | |
| Waiting Support: | | Flags outvoted (downgraded) after PO Review: | |
| Ticket number: | | Bug group (optional): | |
| Max CVSS v3 score: | | | |
Description
Sönke Schwardt-Krummrich
2019-11-26 12:21:22 CET
*** Bug 48799 has been marked as a duplicate of this bug. ***

Local tests were successful. Please review my change!

version build: 6.0.2-18A~4.4.0.202002171137
touched files:
services/univention-radius/conffiles/etc/logrotate.d/univention-radius
services/univention-radius/debian/changelog
services/univention-radius/debian/univention-radius.univention-config-registry
doc/errata/staging/univention-radius.yaml

OK: code change
OK: installation
OK: update
~OK: changelog entry
OK: advisory
REOPEN: functional change
OK: package built and installable

Short test with univention-radius 6.0.2-19A~4.4.0.202002241643:

root@master142:/etc/logrotate.d# ucr set logrotate/radius_ntlm_auth/rotate/count=123
[...]
root@master142:/etc/logrotate.d# diff -u univention-radius univention-portal
--- univention-radius 2020-01-10 18:54:57.880000000 +0100
+++ univention-portal 2020-01-10 18:54:58.504000000 +0100
@@ -5,12 +5,12 @@
 # univention-config-registry ueberschrieben werden.
 # Bitte bearbeiten Sie an Stelle dessen die folgende(n) Datei(en):
 #
-# /etc/univention/templates/files/etc/logrotate.d/univention-radius
+# /etc/univention/templates/files/etc/logrotate.d/univention-portal
 #
-/var/log/univention/radius_ntlm_auth.log {
+/var/log/univention/portal.log {
 weekly
- rotate 123
+ rotate 12
 create 640 root adm
 compress
 missingok

CREATE LOG ENTRY:
root@master142:~# cat > eapol.conf <<EOF
network={
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="d.krause1"
    anonymous_identity="anonymous"
    password="univention"
    phase2="autheap=MSCHAPV2"
}
EOF
root@master142:~# eapol_test -c eapol.conf -s testing123
root@master142:~#

BEFORE LOGROTATE:
root@master142:/var/log/univention# ls -la radius_ntlm_auth*
-rw-r--r-- 1 root freerad 291 Jan 11 00:59 radius_ntlm_auth.log

ROTATE LOGFILES:
root@master142:# logrotate -vf /etc/logrotate.conf
[...lots of output...]

AFTER LOGROTATION:
root@master142:/var/log/univention# ls -la radius_ntlm_auth*
-rw-r----- 1 root adm 0 Jan 11 01:00 radius_ntlm_auth.log
-rw-r--r-- 1 root freerad 291 Jan 11 00:59 radius_ntlm_auth.log.1

REOPEN: the permissions and the owner of the new logfile are not the same as before

Sidenote: please also fix the mail address in the last debian/changelog entry.

The permissions of a new logfile after logrotation are globally defined by UCR Variable logrotate/create, whose default value is "640 root adm". Currently, there is no "easy" way to change the permissions with which the new logfiles are created by logrotation per logfile. I created Bug #50971 for this issue, which also affects the files config-registry.replog and samba4-provision.log. Since the logfile is still only writeable by root with this default configuration and freeradius can still write its logs into it, I think this is okay for now.

665f7e3cbc Bug #50545: yaml update
eaa831d0fb Bug #50545: Fix file permissions in new logrotate files

Package: univention-radius
Version: 6.0.2-21A~4.4.0.202003171637
Branch: ucs_4.4-0
Scope: errata4.4-3

I was simply wrong. The UCR Variable can be used like this logrotate/file/create=... as pointed out by Phillip in Bug #50971. The UCR Variable logrotate/radius_ntlm_auth/create is now set in the postinst.

BEFORE ("unclean" test env from last run!):
root@master142:~# ls -la /var/log/univention/radius_ntlm_auth.*
-rw-r----- 1 root adm 0 Jan 11 01:00 /var/log/univention/radius_ntlm_auth.log
-rw-r--r-- 1 root freerad 291 Jan 11 00:59 /var/log/univention/radius_ntlm_auth.log.1

AFTER update and forced logrotation:
root@master142:~# ls -la /var/log/univention/radius_ntlm_auth.*
-rw-r--r-- 1 root freerad 0 Jan 11 02:09 /var/log/univention/radius_ntlm_auth.log
-rw-r----- 1 root adm 291 Jan 11 02:09 /var/log/univention/radius_ntlm_auth.log.1
-rw-r--r-- 1 root freerad 195 Jan 11 00:59 /var/log/univention/radius_ntlm_auth.log.2.gz
root@master142:~# ucr get logrotate/radius_ntlm_auth/create
644 root freerad

OK: code change
OK: installation
OK: update
OK: changelog entry
UPDATED: advisory
OK: package built and installable
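
Added example, not part of the bug report or of Univention's packaging: a POSIX shell check for the regression found during QA above, where the stanza's create directive did not match the owner and mode of the existing log file. The function names (sample_stanza, sym_to_octal, stanza_create, check_listing) are hypothetical, and the stanza is constructed from the generated file quoted in the report, with a closing brace added.

```sh
# Constructed stanza, modelled on the generated logrotate file in the report.
sample_stanza() {
    cat <<'EOF'
/var/log/univention/radius_ntlm_auth.log {
	weekly
	rotate 123
	create 640 root adm
	compress
	missingok
}
EOF
}

# "-rw-r--r--" -> "644". Only the nine rwx bits are handled (no setuid/sticky).
sym_to_octal() {
    printf '%s\n' "$1" | awk '{
        out = ""
        for (i = 2; i <= 8; i += 3) {
            d = 0
            if (substr($0, i, 1) == "r") d += 4
            if (substr($0, i + 1, 1) == "w") d += 2
            if (substr($0, i + 2, 1) == "x") d += 1
            out = out d
        }
        print out
    }'
}

# Config on stdin; prints "MODE OWNER GROUP" from the create directive in the
# stanza for log path $1 (prints nothing if the stanza has no create line).
stanza_create() {
    awk -v path="$1" '
        $1 == path && $2 == "{"  { inside = 1; next }
        inside && $1 == "}"      { exit }
        inside && $1 == "create" { print $2, $3, $4; exit }
    '
}

# $1 = wanted "MODE OWNER GROUP", $2 = one line of `ls -la` output.
check_listing() {
    have="$(sym_to_octal "${2%% *}") $(printf '%s\n' "$2" | awk '{ print $3, $4 }')"
    [ "$have" = "$1" ] && { echo "OK: $have"; return 0; }
    echo "DRIFT: file is '$have', rotation will create '$1'"
    return 1
}

# Pre-rotation listing from the report, checked against both create specs.
before='-rw-r--r-- 1 root freerad 291 Jan 11 00:59 radius_ntlm_auth.log'
check_listing "$(sample_stanza | stanza_create /var/log/univention/radius_ntlm_auth.log)" "$before" || true
check_listing '644 root freerad' "$before"
```

Run against the live file, the same comparison would take its input from `ls -la` on the log and from /etc/logrotate.d/univention-radius; an empty result from stanza_create means the global logrotate/create default applies.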