Ubuntu >= 16.04: Upgrading stock rsyslog package via PPA results in /usr/lib/tmpfiles.d/00rsyslog.conf file being removed

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Ubuntu >= 16.04: Upgrading stock rsyslog package via PPA results in /usr/lib/tmpfiles.d/00rsyslog.conf file being removed

deoren
While researching permission issues on /var/log, I realized that the
rsyslog package from the Ubuntu PPA doesn't provide an override for
/usr/lib/tmpfiles.d/var.conf (which has a rule that sets /var/log to
0755). I submitted #1655 via GitHub for that, thinking that the problem
was likely limited to systems being upgraded from Ubuntu 14.04 LTS to
16.04 LTS. In that scenario, having the PPA version of rsyslog installed
on 14.04 would block the installation of the
/usr/lib/tmpfiles.d/00rsyslog.conf file when upgrading to 16.04 since
the PPA version of rsyslog is newer than what the Ubuntu 16.04 repos
provide.

While looking closer, I realized installing the latest version from the
official adiscon/v8-stable PPA (v8.27.0 as I write this) results in an
existing copy of the /usr/lib/tmpfiles.d/00rsyslog.conf file (from the
Ubuntu provided rsyslog package) being removed.

I expected it to be left behind as with other configuration files, but
after extracting Ubuntu's package and looking at the 'conffiles' file, I
noticed that the /usr/lib/tmpfiles.d/00rsyslog.conf file is not listed
within.

Is it because that file is not listed within the 'conffiles' file that
@apt@ removes it when upgrading from Ubuntu's version of rsyslog to the
version provided by the official PPA?

I've updated the GitHub issue with a test run showing the results of
upgrading.

https://github.com/rsyslog/rsyslog/issues/1655

Thanks in advance for your help.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Ubuntu >= 16.04: Upgrading stock rsyslog package via PPA results in /usr/lib/tmpfiles.d/00rsyslog.conf file being removed

David Lang
I've been using rsyslog since 2006 and never seen /usr/lib/tempfiles.d

I don't think any adiscon created package has ever had it. That looks like
something that is unique to the ubuntu packaging (it's not in the adiscon
packages or in the debian packages)

David Lang

  On Mon, 10 Jul 2017, deoren wrote:

> Date: Mon, 10 Jul 2017 13:12:18 -0500
> From: deoren <[hidden email]>
> Reply-To: rsyslog-users <[hidden email]>
> To: [hidden email]
> Subject: [rsyslog] Ubuntu >= 16.04: Upgrading stock rsyslog package via PPA
>     results in /usr/lib/tmpfiles.d/00rsyslog.conf file being removed
>
> While researching permission issues on /var/log, I realized that the rsyslog
> package from the Ubuntu PPA doesn't provide an override for
> /usr/lib/tmpfiles.d/var.conf (which has a rule that sets /var/log to 0755). I
> submitted #1655 via GitHub for that, thinking that the problem was likely
> limited to systems being upgraded from Ubuntu 14.04 LTS to 16.04 LTS. In that
> scenario, having the PPA version of rsyslog installed on 14.04 would block
> the installation of the /usr/lib/tmpfiles.d/00rsyslog.conf file when
> upgrading to 16.04 since the PPA version of rsyslog is newer than what the
> Ubuntu 16.04 repos provide.
>
> While looking closer, I realized installing the latest version from the
> official adiscon/v8-stable PPA (v8.27.0 as I write this) results in an
> existing copy of the /usr/lib/tmpfiles.d/00rsyslog.conf file (from the Ubuntu
> provided rsyslog package) being removed.
>
> I expected it to be left behind as with other configuration files, but after
> extracting Ubuntu's package and looking at the 'conffiles' file, I noticed
> that the /usr/lib/tmpfiles.d/00rsyslog.conf file is not listed within.
>
> Is it because that file is not listed within the 'conffiles' file that @apt@
> removes it when upgrading from Ubuntu's version of rsyslog to the version
> provided by the official PPA?
>
> I've updated the GitHub issue with a test run showing the results of
> upgrading.
>
> https://github.com/rsyslog/rsyslog/issues/1655
>
> Thanks in advance for your help.
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
> LIKE THAT.
>
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Ubuntu >= 16.04: Upgrading stock rsyslog package via PPA results in /usr/lib/tmpfiles.d/00rsyslog.conf file being removed

deoren
On 7/10/17 3:07 PM, David Lang wrote:

 > I've been using rsyslog since 2006 and never seen /usr/lib/tempfiles.d

 From what I've learned it's systemd specific and really came into play
with Ubuntu 15.04, but I only learned about with recent system upgrades
from 14.04 to 16.04 LTS.

 > I don't think any adiscon created package has ever had it. That looks
 > like something that is unique to the ubuntu packaging (it's not in the
 > adiscon packages or in the debian packages)

I checked Debian 9 and that release appears to be handling the rsyslog
configuration the same way as CentOS 7: run as root, do not attempt to
drop privileges. Ubuntu's rsyslog package on the other hand does make
the attempt, as does the package provided by the Ubuntu PPA.

Provided that the local sysadmin doesn't rely on dynamic file creation
and instead pre-creates any needed log files, an override for the
/usr/lib/tmpfiles.d/var.conf does not appear to be necessary.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Ubuntu >= 16.04: Upgrading stock rsyslog package via PPA results in /usr/lib/tmpfiles.d/00rsyslog.conf file being removed

David Lang
On Mon, 10 Jul 2017, deoren wrote:

> I checked Debian 9 and that release appears to be handling the rsyslog
> configuration the same way as CentOS 7: run as root, do not attempt to drop
> privileges. Ubuntu's rsyslog package on the other hand does make the attempt,
> as does the package provided by the Ubuntu PPA.
>
> Provided that the local sysadmin doesn't rely on dynamic file creation and
> instead pre-creates any needed log files, an override for the
> /usr/lib/tmpfiles.d/var.conf does not appear to be necessary.

If there is something new that's needed to let rsyslog create files as needed,
that's a significant regression and should be fixed upstream in whatever is
requiring it.

Especially with dynafiles, it's not possible to create all the log files ahead
of time.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Ubuntu >= 16.04: Upgrading stock rsyslog package via PPA results in /usr/lib/tmpfiles.d/00rsyslog.conf file being removed

deoren
On 7/10/17 5:13 PM, David Lang wrote:

> On Mon, 10 Jul 2017, deoren wrote:
>
>> I checked Debian 9 and that release appears to be handling the rsyslog
>> configuration the same way as CentOS 7: run as root, do not attempt to
>> drop privileges. Ubuntu's rsyslog package on the other hand does make
>> the attempt, as does the package provided by the Ubuntu PPA.
>>
>> Provided that the local sysadmin doesn't rely on dynamic file creation
>> and instead pre-creates any needed log files, an override for the
>> /usr/lib/tmpfiles.d/var.conf does not appear to be necessary.
>
> If there is something new that's needed to let rsyslog create files as
> needed, that's a significant regression and should be fixed upstream in
> whatever is requiring it.
>
> Especially with dynafiles, it's not possible to create all the log files
> ahead of time.
>
> David Lang

Hi David,

My comment wasn't as clear as it should have been. The
/usr/lib/tmpfiles.d/var.conf file targets specific directories and one
of those is /var/log. By default /var/log is set to 0755, so if rsyslog
is to generate files dynamically at the root of /var/log, then the
override is needed. Otherwise, if you specify that files are to be
dynamically created within a subdirectory that rsyslog has access to
('/var/log/rsyslog_clients' for example) then dynamic files are created
properly.

Dynamic filename generation within a subdirectory is working fine for me
now with rsyslog 8.27.0 from the PPA. It's the dynamic creation within
/var/log that is not working when using the PPA.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Ubuntu >= 16.04: Upgrading stock rsyslog package via PPA results in /usr/lib/tmpfiles.d/00rsyslog.conf file being removed

David Lang
On Mon, 10 Jul 2017, deoren wrote:

> On 7/10/17 5:13 PM, David Lang wrote:
>> On Mon, 10 Jul 2017, deoren wrote:
>>
>>> I checked Debian 9 and that release appears to be handling the rsyslog
>>> configuration the same way as CentOS 7: run as root, do not attempt to
>>> drop privileges. Ubuntu's rsyslog package on the other hand does make the
>>> attempt, as does the package provided by the Ubuntu PPA.
>>>
>>> Provided that the local sysadmin doesn't rely on dynamic file creation and
>>> instead pre-creates any needed log files, an override for the
>>> /usr/lib/tmpfiles.d/var.conf does not appear to be necessary.
>>
>> If there is something new that's needed to let rsyslog create files as
>> needed, that's a significant regression and should be fixed upstream in
>> whatever is requiring it.
>>
>> Especially with dynafiles, it's not possible to create all the log files
>> ahead of time.
>>
>> David Lang
>
> Hi David,
>
> My comment wasn't as clear as it should have been. The
> /usr/lib/tmpfiles.d/var.conf file targets specific directories and one of
> those is /var/log. By default /var/log is set to 0755, so if rsyslog is to
> generate files dynamically at the root of /var/log, then the override is
> needed. Otherwise, if you specify that files are to be dynamically created
> within a subdirectory that rsyslog has access to ('/var/log/rsyslog_clients'
> for example) then dynamic files are created properly.
>
> Dynamic filename generation within a subdirectory is working fine for me now
> with rsyslog 8.27.0 from the PPA. It's the dynamic creation within /var/log
> that is not working when using the PPA.

Please file a bug within Ubuntu, rsyslog (or any other program) should not need
special configs to create files in directories they have permissions to, and if
they configure rsyslog to not have permission to create files in /var/log, they
have done something very stupid.

How have they managed to do this? have they changed the AppArmor configs to no
longer allow rsyslog to create files in /var/log? If they did, they should
revert to the prior permissions.

My Ubuntu desktop doesn't even have a /usr/lib/tempfiles.d directory.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Ubuntu >= 16.04: Upgrading stock rsyslog package via PPA results in /usr/lib/tmpfiles.d/00rsyslog.conf file being removed

deoren
On 7/10/17 5:28 PM, David Lang wrote:

> On Mon, 10 Jul 2017, deoren wrote:
>>
>> Hi David,
>>
>> My comment wasn't as clear as it should have been. The
>> /usr/lib/tmpfiles.d/var.conf file targets specific directories and one
>> of those is /var/log. By default /var/log is set to 0755, so if
>> rsyslog is to generate files dynamically at the root of /var/log, then
>> the override is needed. Otherwise, if you specify that files are to be
>> dynamically created within a subdirectory that rsyslog has access to
>> ('/var/log/rsyslog_clients' for example) then dynamic files are
>> created properly.
>>
>> Dynamic filename generation within a subdirectory is working fine for
>> me now with rsyslog 8.27.0 from the PPA. It's the dynamic creation
>> within /var/log that is not working when using the PPA.
>
> Please file a bug within Ubuntu, rsyslog (or any other program) should
> not need special configs to create files in directories they have
> permissions to, and if they configure rsyslog to not have permission to
> create files in /var/log, they have done something very stupid.

Without an override in place, the permissions are being reset on boot
for the /var/log directory to 0755, ownership of root:syslog. The
/usr/lib/tmpfiles.d/00rsyslog.conf file overrides the systemd default
configuration to set 0775 on boot.

> My Ubuntu desktop doesn't even have a /usr/lib/tempfiles.d directory.

What Ubuntu release are you using?

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Ubuntu >= 16.04: Upgrading stock rsyslog package via PPA results in /usr/lib/tmpfiles.d/00rsyslog.conf file being removed

David Lang
On Mon, 10 Jul 2017, deoren wrote:

> Without an override in place, the permissions are being reset on boot for the
> /var/log directory to 0755, ownership of root:syslog. The
> /usr/lib/tmpfiles.d/00rsyslog.conf file overrides the systemd default
> configuration to set 0775 on boot.

that seems like a bug in Ubuntu

>> My Ubuntu desktop doesn't even have a /usr/lib/tempfiles.d directory.
>
> What Ubuntu release are you using?

I'm on 17.04 now.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Ubuntu >= 16.04: Upgrading stock rsyslog package via PPA results in /usr/lib/tmpfiles.d/00rsyslog.conf file being removed

deoren
On 7/10/17 6:58 PM, David Lang wrote:
> On Mon, 10 Jul 2017, deoren wrote:
>
>> Without an override in place, the permissions are being reset on boot
>> for the /var/log directory to 0755, ownership of root:syslog. The
>> /usr/lib/tmpfiles.d/00rsyslog.conf file overrides the systemd default
>> configuration to set 0775 on boot.


My acid test thus far is:

1. Open terminal
2. List current permissions: ls -la /var/log (or getfacl /var/log)
3. Change to something else: sudo chmod -v g-w (or sudo chmod -v g+w)
4. Reboot
5. Repeat step 2

> that seems like a bug in Ubuntu

For better or worse, I think this behavior an intentional design choice
for systemd.

Upstream systemd docs:

https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html
https://github.com/systemd/systemd/blob/master/tmpfiles.d/var.conf.m4

Ubuntu 17.04:

http://manpages.ubuntu.com/manpages/zesty/en/man5/tmpfiles.d.5.html
http://manpages.ubuntu.com/manpages/zesty/en/man8/systemd-tmpfiles.8.html


Although it is not an exhaustive list (just what I've tested over the
last few days), I've observed that on all of these distros/desktops (at
least via a fresh install), the change to /var/log is reverted back to
whatever is set within '/usr/lib/tmpfiles.d/var.conf':

* CentOS 7
* Debian 8
* Debian 9
* Ubuntu 15.04
* Ubuntu 15.10
* Ubuntu 16.04
* Ubuntu 17.04

Here is the output from me setting the permissions (Ubuntu 15.10 I
believe) to something undesirable for /var/log (though it doesn't have
to be that way, I'm just choosing something obviously wrong for
illustration):

root@ubuntu-virtual-machine:~# chmod 700 /var/log
root@ubuntu-virtual-machine:~# getfacl /var/log
getfacl: Removing leading '/' from absolute path names
# file: var/log
# owner: root
# group: syslog
user::rwx
group::---
other::---

root@ubuntu-virtual-machine:~# reboot

ubuntu@ubuntu-virtual-machine:~$ getfacl /var/log
getfacl: Removing leading '/' from absolute path names
# file: var/log
# owner: root
# group: syslog
user::rwx
group::rwx
other::r-x

ubuntu@ubuntu-virtual-machine:~$ grep '/var/log ' /usr/lib/tmpfiles.d/*.conf
/usr/lib/tmpfiles.d/00rsyslog.conf:# Override systemd's default
tmpfiles.d/var.conf to make /var/log writable by
/usr/lib/tmpfiles.d/00rsyslog.conf:d /var/log 0775 root syslog -
/usr/lib/tmpfiles.d/var.conf:d /var/log 0755 - - -


Regarding the /usr/lib/tmpfiles.d directory itself, here is what I get
on Debian 9 when I ask dpkg to list packages that own the
/usr/lib/tmpfiles.d directory:

root@debian9:/home/debian# dpkg -S /usr/lib/tmpfiles.d/
openssh-server, sudo, colord, gvfs-common, systemd, dbus, lvm2, man-db,
passwd, open-vm-tools-desktop: /usr/lib/tmpfiles.d

>>> My Ubuntu desktop doesn't even have a /usr/lib/tempfiles.d directory.

Check for a '/usr/lib/tmpfiles.d' directory. It seems to be standard now
for systemd dependent distros.

>> What Ubuntu release are you using?
>
> I'm on 17.04 now.

Here is what I see on a fresh Ubuntu 16.04 x64 desktop installation
(VMware Workstation):

ubuntu@ubuntu-virtual-machine:~$ ls -l /usr/lib/tmpfiles.d/ | head
total 68
-rw-r--r-- 1 root root  238 Dec  2  2015 00rsyslog.conf
-rw-r--r-- 1 root root  153 Dec  1  2015 dbus.conf
-rw-r--r-- 1 root root  577 Jan 12 08:08 debian.conf
-rw-r--r-- 1 root root  595 May 18  2016 gvfsd-fuse-tmpfiles.conf
-rw-r--r-- 1 root root  362 Jan 18 16:04 home.conf
-rw-r--r-- 1 root root 1098 Jan 18 16:04 journal-nocow.conf
-rw-r--r-- 1 root root  812 Jan 18 16:04 legacy.conf
-rw-r--r-- 1 root root   61 Apr 16  2016 lvm2.conf
-rw-r--r-- 1 root root   34 Nov  6  2015 man-db.conf

and what I see on a fresh Ubuntu 17.04 x64 desktop installation:

ubuntu@ubuntu-virtual-machine:~$ ls -l /usr/lib/tmpfiles.d/ | head
total 72
-rw-r--r-- 1 root root  238 Dec  2  2015 00rsyslog.conf
-rw-r--r-- 1 root root   78 Sep  6  2016 colord.conf
-rw-r--r-- 1 root root  153 Aug 15  2016 dbus.conf
-rw-r--r-- 1 root root  577 Mar 28 08:18 debian.conf
-rw-r--r-- 1 root root  595 Mar 28 16:26 gvfsd-fuse-tmpfiles.conf
-rw-r--r-- 1 root root  362 Mar 28 10:59 home.conf
-rw-r--r-- 1 root root 1098 Mar 28 10:59 journal-nocow.conf
-rw-r--r-- 1 root root  812 Mar 28 10:59 legacy.conf
-rw-r--r-- 1 root root   61 Mar 27 02:23 lvm2.conf




_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Loading...