Bug 1966367
| Field | Value |
|---|---|
| Summary | nginx doesn't reopen the log file |
| Product | [Fedora] Fedora |
| Component | nginx |
| Version | 33 |
| Hardware | x86_64 |
| OS | Linux |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | unspecified |
| Type | Bug |
| Reporter | Alex <redhat> |
| Assignee | Felix Kaechele <felix> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | felix, jeremy, jkaluza, jorton, luhliari, ollie.yeoh, pavel.lisy, peter.borsa, wtogami |
| Fixed In Version | nginx-1.20.1-2.fc34 nginx-1.20.1-2.fc33 nginx-1.20.1-2.el7 |
| Doc Type | If docs needed, set a value |
| Last Closed | 2021-06-11 01:12:23 UTC |
Description
Alex
2021-06-01 00:31:38 UTC
Hi there. Thanks for taking the time to file this detailed report. I assume it relates to the changes to the log file permissions in the recent update. I have built a test version in my staging COPR: https://copr.fedorainfracloud.org/coprs/heffer/nginx-el7-staging/ Can you enable that repo, update the package and try again?

Essentially what this does is set /var/log/nginx to root:root ownership with a mode of 711 and brings back logrotate to create new log files as nginx:root in mode 640. We do this to prevent the web user from creating files in that directory (CVE-2016-1247).

Upon install your /var/log/nginx directory should automatically be set to the new permissions but your log files may only change permissions after either running `rpm --setperms nginx` or by rotating logs forcefully: `logrotate -f /etc/logrotate.d/nginx -v`

My own local testing shows that the nginx worker processes are then able to open the logfiles again. Thanks again for your effort reporting and testing this!

Hi, I installed a package from your repo, permissions for /var/log/nginx changed. And now works again. Thanks!

FEDORA-2021-b37cffac0d has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-b37cffac0d

FEDORA-EPEL-2021-8c50b78c57 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-8c50b78c57

FEDORA-EPEL-2021-8c50b78c57 has been pushed to the Fedora EPEL 7 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-8c50b78c57 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2021-b37cffac0d has been pushed to the Fedora 33 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-b37cffac0d` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-b37cffac0d See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2021-393d698493 has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-393d698493` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-393d698493 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2021-393d698493 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.

FEDORA-2021-b37cffac0d has been pushed to the Fedora 33 stable repository. If problem still persists, please make note of it in this bug report.

FEDORA-EPEL-2021-8c50b78c57 has been pushed to the Fedora EPEL 7 stable repository. If problem still persists, please make note of it in this bug report.
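
A check for the layout described in the maintainer's comment above (directory root:root with mode 711, log files nginx:root with mode 640), as an added example that is not part of the bug thread or of the nginx package. The function name `audit_nginx_logs`, its argument order and the `*.log` glob are assumptions of this example, and it relies on GNU `stat -c`.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with nginx).
# Usage: audit_nginx_logs [dir] [dir_owner:group] [dir_mode] [file_owner:group] [file_mode]
# Defaults are the values stated in the comment above.
# Returns 0 if everything matches, 1 on any mismatch, 2 if dir is missing.
audit_nginx_logs() {
    dir=${1:-/var/log/nginx}
    dir_owner=${2:-root:root}
    dir_mode=${3:-711}
    file_owner=${4:-nginx:root}
    file_mode=${5:-640}
    bad=0

    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory"
        return 2
    fi

    # %U:%G is owner:group, %a is the octal mode.
    got=$(stat -c '%U:%G %a' "$dir")
    if [ "$got" != "$dir_owner $dir_mode" ]; then
        echo "FAIL $dir: is '$got', want '$dir_owner $dir_mode'"
        bad=1
    fi

    for f in "$dir"/*.log; do
        # Skip the literal pattern when the glob matched nothing.
        [ -e "$f" ] || [ -L "$f" ] || continue
        # stat without -L does not follow symlinks, so a symlink in the
        # directory is reported with its own mode and shows up as a mismatch.
        got=$(stat -c '%U:%G %a' "$f")
        if [ "$got" != "$file_owner $file_mode" ]; then
            echo "FAIL $f: is '$got', want '$file_owner $file_mode'"
            bad=1
        fi
    done

    [ "$bad" -eq 0 ] && echo "OK $dir"
    return "$bad"
}

# Example call with the defaults (needs enough privilege to list the directory):
#   audit_nginx_logs /var/log/nginx
```

Files that still fail after the package update are the ones the comment says need `rpm --setperms nginx` or a forced rotation.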