Bug 911613

Summary: mariadb: logrotate: error: skipping "/var/log/mysql/mysqld.log" because parent directory has insecure permissions
Product: [openSUSE] openSUSE Tumbleweed Reporter: Martin Pluskal <mpluskal>
Component: BasesystemAssignee: Kristyna Streitova <kstreitova>
Status: RESOLVED DUPLICATE QA Contact: E-mail List <qa-bugs>
Severity: Minor    
Priority: P5 - None CC: dimstar, michal.hrusecky
Version: 201412*   
Target Milestone: ---   
Hardware: x86-64   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Martin Pluskal 2015-01-04 14:46:49 UTC 
I have noticed that recently logrotate started to complain about permissions of mariadb logs:
# systemctl status logrotate -l
logrotate.service - Rotate log files
   Loaded: loaded (/usr/lib/systemd/system/logrotate.service; static)
   Active: failed (Result: exit-code) since Sun 2015-01-04 00:00:04 CET; 15h ago
     Docs: man:logrotate(8)
           man:logrotate.conf(5)
 Main PID: 23409 (code=exited, status=1/FAILURE)

Jan 04 00:00:01 antikristyna logrotate[23409]: error: skipping "/var/log/mysql/mysqld.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
Jan 04 00:00:04 antikristyna logrotate[23409]: compress_ext is /usr/bin/xz
Jan 04 00:00:04 antikristyna logrotate[23409]: compress_ext was changed to .x
Comment 1 Andreas Schwab 2015-06-11 08:59:29 UTC 
This was already broken in 13.2.
Comment 2 Dominique Leuenberger 2015-08-05 13:55:05 UTC 
FYI: in tumbleweed, there was a patch added to address this:

https://build.opensuse.org/package/rdiff/openSUSE:Factory/mysql-community-server?linkrev=base&rev=50

it contains a new patch called:
mysql-patches.tar.bz2/mysql-patches/mysql-community-server-5.6.12-logrotate-su.patch

@@ -0,0 +1,17 @@
+PATCH-P0-SUSE: Fix for logrorate config
+
+This patch fixes the logrotarte config file for mysql.
+Read more at https://www.novell.com/support/kb/doc.php?id=7005219
+
+Index: support-files/mysql-log-rotate.sh
+===================================================================
+--- support-files/mysql-log-rotate.sh.orig
++++ support-files/mysql-log-rotate.sh
+@@ -21,6 +21,7 @@
+ 
+ /var/log/mysql/mysqld.log {
+         # create 600 mysql mysql
++        su mysql mysql
+         notifempty
+         daily
+         rotate 5
Comment 3 Kristyna Streitova 2015-08-18 11:17:51 UTC 
It's a duplicate of the bug 840079

*** This bug has been marked as a duplicate of bug 840079 ***