Logrotate of lighttpd logs failing due to directory permissions

Expected Behaviour:

log files in /var/log/lighttpd get rotated per configuration in /etc/logrotate.d/lighttpd

Actual Behaviour:

files do NOT rotate, and the following error is emitted by sudo logrotate -v /etc/logrotate.d/lighttpd
.

reading config file /etc/logrotate.d/lighttpd
.
Handling 1 logs
.
rotating pattern: /var/log/lighttpd/*.log weekly (12 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/lighttpd/access.log
error: skipping "/var/log/lighttpd/access.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
considering log /var/log/lighttpd/error.log
error: skipping "/var/log/lighttpd/error.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
not running postrotate script, since no logs were rotated

/var/log/lighttpd directory is

drwxrwxrwx 2 www-data www-data 4096 Jan 2 03:05 lighttpd

obviously this should be an easy fix, but since i haven't mucked with the lighttpd directory (owned by www-data) or its logrotate configuration, it's broken when default installed. Suggesting future versions of pihole resolve this issue

yes, i am running wheezy.
(note lines with only '.' are there because the [code] tag doesn't seem to handle blank lines correctly, though it IS correct in preview)

here is my configuration file /etc/logrotate.d/lighttpd after my changes

/var/log/lighttpd/*.log {
su www-data www-data
# add su line above; iefbr14
weekly
missingok
rotate 12
compress
delaycompress
notifempty
sharedscripts
postrotate
if [ -x /usr/sbin/invoke-rc.d ]; then
invoke-rc.d lighttpd reopen-logs > /dev/null 2>&1;
else
/etc/init.d/lighttpd reopen-logs > /dev/null 2>&1;
fi;
endscript
}

(sorry about the indenting; the [code] tag is munging it :( )

This sounds like just a lighttpd issue. As far as I know, we don't modify that directory or change lighttpd's logrotate configuration at all.

there is an old bug (from 2006, #380080 - lighttpd: logrotate stops servers, and sometimes it does not starts again - Debian Bug report logs) related to logrotate and lighttpd not restarting on debian, but i'm not seeing that particular issue.

i have another pi i can experiment with, so i'll install lighttpd by itself, and then pihole, to see if i can reproduce the issue, and where it gets introduced. that will likely take a week or so due to my work schedule

If you update to a supported operating system such as Debian Stretch, I think it would work fine.

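The parent-directory test named in the logrotate error quoted at the top of this thread, as an added shell example (not code from the thread or from logrotate itself): it flags a directory that is world writable or writable by a group other than root, and checks whether the config carries a `su` line. The function names and the file name `check.sh` are assumptions.

```shell
#!/bin/sh
# Added example; function names are illustrative, not part of logrotate.

# insecure_mode PERMS GID -> 0 if the mode string from `ls -ld` is world
# writable, or group writable while the owning group is not root (gid 0).
insecure_mode() {
    perms=$1
    gid=$2
    case $perms in ????????w*) return 0 ;; esac          # other-write bit
    case $perms in
        ?????w*) if [ "$gid" != 0 ]; then return 0; fi ;; # group-write bit
    esac
    return 1
}

# dir_is_insecure DIR -> same test against a real directory (2 = not a dir).
dir_is_insecure() {
    [ -d "$1" ] || return 2
    ls -ldn -- "$1" | {
        read -r perms links uid gid rest
        insecure_mode "$perms" "$gid"
    }
}

# has_su_directive CONF -> 0 if any line of CONF is a "su user [group]" line.
# Simplification: the whole file is searched, not a single stanza.
has_su_directive() {
    grep -Eq '^[[:space:]]*su[[:space:]]+[^[:space:]]+' "$1"
}

# would_be_skipped CONF DIR -> 0 if DIR fails the test and CONF has no su line,
# i.e. the situation that produced the "skipping ..." errors in the thread.
would_be_skipped() {
    dir_is_insecure "$2" && ! has_su_directive "$1"
}

# Usage: sh check.sh /etc/logrotate.d/lighttpd /var/log/lighttpd
if [ "$#" -eq 2 ]; then
    if would_be_skipped "$1" "$2"; then
        echo "$2: insecure parent directory and no su directive in $1"
    else
        echo "$2: no skip expected from this check"
    fi
fi
```

The `su` directive only tells logrotate which user and group to rotate as; it does not change the directory mode, so a `drwxrwxrwx` directory stays world writable after the config change.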