Running logrotate under cron in a systemd system results in spurious permission errors. It appears that arch at least has timer files for logrotate. I have not checked to see if they're in the source and we just haven't updated to include them. It'd be nice if these timers were installed and running when logrotate was installed. Reproducible: Always Steps to Reproduce: 1. Use systemd 2. Install logrotate 3. Watch logrotate fail under cron Actual Results: Permission errors from logrotate running under cron on systemd system. Expected Results: Successfully running logrotate process using systemd timers.
Don't have a systemd installation ATM @systemd team: Could you please take a look?. Thanks.
Looks like arch has the necessary systemd unit and timer file at this URL: https://projects.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/logrotate I'll see about adding this in my overlay so I can supply an updated ebuild as well.
(In reply to Alex Brandt from comment #0) > Running logrotate under cron in a systemd system results in spurious > permission errors. That doesn't make any sense. Please elaborate. The problem I see with installing timer units is we would also need to disable the cron files to avoid running logrotate under both systemd and cron.
@floppym, When running logrotate via cron.daily under fcron in a systemd environment I receive this output rather than a successful run of logrotate: error: error setting owner of /var/log/portage/elog/summary.log-20140817.gz to uid 1000 and gid 250: Operation not permitted fopen: Permission denied This is probably due to fcron but it works under openrc without any modifications (after emerge that is). I'm also not sure if the fopen error is related but can't think of anything else that might be running that would report that error. Any guidance would be appreciated.
(In reply to Alex Brandt from comment #4) > @floppym, > > When running logrotate via cron.daily under fcron in a systemd environment I > receive this output rather than a successful run of logrotate: > > error: error setting owner of /var/log/portage/elog/summary.log-20140817.gz > to uid 1000 and gid 250: Operation not permitted Have you modified /etc/logrotate.d/elog-save-summary? That uid should be 250 (portage) by default. I suspect there is something wrong with your logrotate config, or something inconsistent about the permissions on your log files or /var/log/portage/elog. I can't explain why it would work under openrc. I don't see anything suspicious with the fcron.service file (like CapabilityBoundingSet, etc).
I'm not sure what the problem might be either but it seems like that component is a support issue. Thanks for the pointers and all the permissions look fine. If we don't want to add timers to things like logrotate we should probably mark this bug as invalid. I'll take the issues I'm having with logrotate and fcron under systemd to a proper support forum.
(In reply to Alex Brandt from comment #6) I think timers make sense, but we still need to figure out how to implement them without having them duplicated if the user happens to have a cron daemon installed. If we didn't have to support 2 different init systems, this would be a lot easier.
Would it be acceptable to simply remove the executable permissions from cron files that are installed if the system uses systemd? Would the systemd use flag be appropriate for this purpose?
(In reply to Alex Brandt from comment #8) > Would it be acceptable to simply remove the executable permissions from cron > files that are installed if the system uses systemd? Would the systemd use > flag be appropriate for this purpose? Define "system uses systemd." It isn't the same as system has systemd installed, or USE=systemd is set, etc. I use systemd timers but for distro-provided cron scripts it probably makes more sense to keep putting them in /etc/cron.d/ directories and using something like systemd-cron to run them, or whatever cron the user prefers.
(In reply to Richard Freeman from comment #9) > Define "system uses systemd." It isn't the same as system has systemd > installed, or USE=systemd is set, etc. Good point. > I use systemd timers but for distro-provided cron scripts it probably makes > more sense to keep putting them in /etc/cron.d/ directories and using > something like systemd-cron to run them, or whatever cron the user prefers. I would propose we install the timers for things like logrotate but continue enabling the cron files by default. If the user wants to they can manually disable the cron components and enable the timers. Would that be acceptable?
(In reply to Alex Brandt from comment #10) > (In reply to Richard Freeman from comment #9) > > Define "system uses systemd." It isn't the same as system has systemd > > installed, or USE=systemd is set, etc. > > Good point. > > > I use systemd timers but for distro-provided cron scripts it probably makes > > more sense to keep putting them in /etc/cron.d/ directories and using > > something like systemd-cron to run them, or whatever cron the user prefers. > > I would propose we install the timers for things like logrotate but continue > enabling the cron files by default. If the user wants to they can manually > disable the cron components and enable the timers. Would that be acceptable? Yes, agree. Or just simply adding the "cron" USE flag like other packages, if the user don't want the cron script, just disable cron USE flag.
Running into this semi-issue with several packages. I would rather see a profile using systemd or USE="systemd" globally default to assuming there is no cron daemon (other than systemd's timers) and then only install the timer/service files in that case. If a package needs a script, perhaps that script should go in /usr/sbin and that path should be referenced in both the systemd unit file *and* the regular cron script file. This way less code is being placed in /etc.
I think that this really needs a discussion at the systemd team level - not at the individual package level. Systemd users can use cron or timers, and they can also use openrc. The solution needs to reflect this and not make assumptions.
cron USE flag now exists, PR adding systemd timer: https://github.com/gentoo/gentoo/pull/4994
Thanks for the PR. It should be fixed now:
