** Description changed:
[Impact]
MySQL's logrotate script fails due to permissions in folders where log
files are stored.
The fix for this should be backported to stable releases to allow log
rotation to complete normally as expected.
The bug is fixed by providing a su directive to the logrotate config to
run the script assuming the mysql user and adm group.
[Test Plan]
Prior to the fix, running
logrotate --force /etc/logrotate.d/mysql-server
will fail with the output
error: skipping "/var/log/mysql.log" because parent directory has
insecure permissions (It's world writable or writable by group which is
not "root") Set "su" directive in config file to tell logrotate which
user/group should be used for rotation.
After the fix, the rotation should succeed
[Where problems could occur]
- Since logs have failed to rotate in noble and later, unexpected problems
- could occur from the log rotation process.
+ Since log rotations often previously failed, the return to consistent
+ rotations could lead to issues for users, either through the creation of
+ additional files or through the rotation process itself.
[Other Info]
This issue was fixed in questing in 8.4.5-0ubuntu2.
The fix will be for the mysql-8.4 package in questing and plucky, and
mysql-8.0 in oracular and earlier.
[Original Description]
The existing logrotate rules file:
/etc/logrotate.d/mysql-server:
# - I put everything in one block and added sharedscripts, so that mysql gets
# flush-logs'd only once.
# Else the binary logs would automatically increase by n times every day.
# - The error log is obsolete, messages go to syslog now.
/var/log/mysql.log /var/log/mysql/*log {
daily
rotate 7
missingok
create 640 mysql adm
compress
sharedscripts
postrotate
test -x /usr/bin/mysqladmin || exit 0
# If this fails, check debian.conf!
MYADMIN="/usr/bin/mysqladmin
--defaults-file=/etc/mysql/debian.cnf"
if [ -z "`$MYADMIN ping 2>/dev/null`" ]; then
# Really no mysqld or rather a missing debian-sys-maint
user?
# If this occurs and is not a error please report a bug.
#if ps cax | grep -q mysqld; then
if killall -q -s0 -umysql mysqld; then
exit 1
fi
else
$MYADMIN flush-logs
fi
endscript
}
Causes logrotate to emit errors:
error: skipping "/var/log/mysql.log" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set
"su" directive in config file to tell logrotate which user/group should be used
for rotation.
However, we could update it with:
su mysql adm
first, which tells logrotate to rotate those files as the same use it is
asking it to create the files as.
** Changed in: mysql-8.0 (Ubuntu Focal)
Status: In Progress => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2112151
Title:
logrotate rules incomplete for mysql
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mysql-8.0/+bug/2112151/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
