Bug 7678 - Logrotate fails for clamav logfiles: "parent directory has insecure permissions"
: Logrotate fails for clamav logfiles: "parent directory has insecure permissions"
Status: RESOLVED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-01-30 18:18 MSK by Giovanni Mariani
Modified: 2017-03-12 01:27 MSK (History)
1 user (show)

See Also:
RPM Package: clamav-0.99.2-2.src.rpm
ISO-related:
Bad POT generating:
Upstream: known


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Giovanni Mariani 2017-01-30 18:18:20 MSK
Description of problem:
When time come to rotate log files for clamd, freshclam (and clamav-milter, I guess), the cron job fails with the errors below
***************************
Rivendell logrotate[15385]: error: skipping "/var/log/clamav/clamd.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
Rivendell logrotate[15385]: error: skipping "/var/log/clamav/freshclam.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
***************************
See Mageia bug #12085.

Looks like we lack a "su clamav clamav" in all our .logrotate files...

Version-Release number of selected component (if applicable):
0.99.2-2

How reproducible:
Always

Steps to Reproduce:
1. Install the clamav packages
2. Trigger a log rotation (see https://bugs.mageia.org/show_bug.cgi?id=12085#c4 for a way to do it)
3. Look at the system log for the above errors
Comment 1 Denis Silakov 2017-02-20 01:16:04 MSK
Build lists in bug 7677 contain fix for this issue, as well. Let's wait for qa.