873514 – net-misc/ntpsec fails to log properly (ntpd[1000]: LOG: check_logfile: couldn't open /var/log/ntpd.log Permission denied)

Bug 873514 - net-misc/ntpsec fails to log properly (ntpd[1000]: LOG: check_logfile: couldn't open /var/log/ntpd.log Permission denied)

Summary: net-misc/ntpsec fails to log properly (ntpd[1000]: LOG: check_logfile: couldn...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Sebastian Pipping

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2022-09-29 19:02 UTC by ta2002
Modified:	2023-04-16 22:39 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description ta2002 2022-09-29 19:02:35 UTC

The ntpd.log file contains almost nothing but the following message:

2022-09-20T00:00:00 ntpd[1000]: LOG: check_logfile: couldn't open /var/log/ntpd.log Permission denied

The process (running as the ntp user) can't write to the root:root ntpd.log. In the source tarball, the following file apparent assumes an ntpd daemon run as root.

etc/logrotate-config.ntp

This patch should fix the problem:

--- ntpsec-1.2.1/etc/logrotate-config.ntpd 2022-06-17 13:28:23.647457020 +0000
+++ ntpsec-1.2.1/etc/logrotate-config.ntpd 2022-09-30 00:00:00.000000000 +0000
@@ -5,6 +5,7 @@
 
 /var/log/ntpd.log {
     monthly
+    create 0640 ntp root
     missingok
     postrotate
       /usr/bin/killall -HUP ntpd

Comment 1 Sebastian Pipping gentoo-dev

2023-04-14 20:33:11 UTC

I just installed net-misc/ntpsec-1.2.2: it does not install a file /etc/logrotate-config.ntpd for me.  Adding "logfile /var/log/ntpd.log" to file /etc/ntp.conf seems to make logging to /var/log/ntpd.log work flawlessly, after a restart of the ntpd service.  So it appears working to me with 1.2.2.

Comment 2 Sebastian Pipping gentoo-dev

2023-04-14 22:31:28 UTC

After a bit of runtime, I do see this line appear in /var/log/ntpd.log:

  2023-04-14T23:27:03 ntpd[11555]: LOG: check_logfile: couldn't open /var/log/ntpd.log Permission denied

Given that ntpd has dropped privileges, this message seems ironic but accurate.
A quick look at function "check_logfile" in 1.2.2 sources reveals that it tries to re-open the log file in case of log-rotation.  So if the daemon is running as ntp:ntp and logrotation is used, /var/log/ntpd.log cannot be owned by root:root, I see.

Comment 3 Larry the Git Cow gentoo-dev

2023-04-16 22:39:51 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32df79e74beff72d36dae363e53f2d16808c356a

commit 32df79e74beff72d36dae363e53f2d16808c356a
Author:     Sebastian Pipping <sping@gentoo.org>
AuthorDate: 2023-04-16 22:35:38 +0000
Commit:     Sebastian Pipping <sping@gentoo.org>
CommitDate: 2023-04-16 22:35:38 +0000

    net-misc/ntpsec: Fix logrotate config
    
    Closes: https://bugs.gentoo.org/873514
    Signed-off-by: Sebastian Pipping <sping@gentoo.org>

 net-misc/ntpsec/files/ntpsec-1.2.2-logrotate.patch |  26 ++++
 net-misc/ntpsec/ntpsec-1.2.2-r1.ebuild             | 164 +++++++++++++++++++++
 net-misc/ntpsec/ntpsec-9999.ebuild                 |   1 +
 3 files changed, 191 insertions(+)