pagaille
(Matthieu Gaillet)
July 18, 2020, 5:30am
1
Hi there,
Since the recent update, I receive a daily message from logrotate complaining that the rights on ntopng’s log files folder aren’s set right.
error: skipping “/var/lib/ntopng/ntopng_access.log” because parent directory has insecure permissions (It’s world writable or writable by group which is not “root”) Set “su” directive in config file to tell logrotate which user/group should be used for rotation.
# ls -lai /var/lib/ntopng/
$total 76
68633656 drwxrwxrwx 16 ntopng ntopng 4096 Jul 11 16:35 .
134320262 drwxr-xr-x. 87 root root 4096 Jun 30 04:27 ..
136051667 drwxrwxrwx 9 ntopng ntopng 141 Jul 20 2019 0
3538585 drwxrwxrwx 8 ntopng ntopng 98 Jan 21 2018 1
3560131878 drwx------ 5 ntopng ntopng 63 Jun 30 04:28 -1
2960885 drwx------ 5 ntopng ntopng 47 Nov 26 2018 10
872436091 drwxrwxrwx 5 ntopng ntopng 47 Oct 21 2017 2
1006653829 drwxrwxrwx 6 ntopng ntopng 65 Dec 30 2017 3
1140898593 drwxrwxrwx 3 ntopng ntopng 24 May 17 2017 4
738213639 drwxrwxrwx 3 ntopng ntopng 24 May 17 2017 46
2457548 drwxrwxrwx 3 ntopng ntopng 24 May 17 2017 5
140377780 drwxrwxrwx 6 ntopng ntopng 65 Nov 26 2018 6
268472122 drwxrwxrwx 3 ntopng ntopng 24 May 17 2017 7
5570037643 drwx------ 2 ntopng ntopng 4096 Jul 18 00:00 category_lists
68633601 -rw-r--r-- 1 root root 0 Jun 30 04:27 .lock
68633602 -rw------- 1 ntopng ntopng 37977 Jul 11 16:27 ntopng_access.log
9596567690 drwx------ 11 ntopng ntopng 4096 Jul 11 16:25 plugins0
134657917 drwx------ 11 ntopng ntopng 4096 Jul 11 16:35 plugins1
68633600 -rw-r--r-- 1 ntopng ntopng 13732 Jul 18 07:31 runtimeprefs.json
Any idea ?
Matthieu
mrmarkuz
(Markus Neuberger)
July 18, 2020, 1:37pm
2
Weird, here it looks ok.
I’d try to chmod 700
the dirs owned by ntopng to correct permissions and restart the service and try logrotate -dv /etc/logrotate.conf
to check if the error still occurs.
[root@server ~]# ls -lai /var/lib/ntopng/
total 16
33769488 drwx------ 9 ntopng ntopng 135 Jul 18 01:53 .
33554510 drwxr-xr-x. 72 root root 4096 Jul 8 00:32 ..
67337323 drwx------ 5 ntopng ntopng 50 Jul 8 00:32 0
34021522 drwx------ 5 ntopng ntopng 50 Jul 8 00:32 1
67166332 drwx------ 5 ntopng ntopng 50 Jul 8 00:32 -1
2770 drwx------ 6 ntopng ntopng 69 Jul 8 00:33 2
2057316 drwx------ 2 ntopng ntopng 209 Jul 18 02:00 category_lists
38948307 -rw-r--r-- 1 root root 0 Jul 8 00:32 .lock
67385752 drwx------ 11 ntopng ntopng 208 Jul 18 01:43 plugins0
38941502 drwx------ 11 ntopng ntopng 208 Jul 18 01:53 plugins1
38988795 -rw------- 1 ntopng ntopng 10979 Jul 18 15:24 runtimeprefs.json
There was a bug some time ago:
opened 08:20PM - 26 Sep 17 UTC
closed 02:48PM - 03 Oct 17 UTC
Both src/Utils.cpp & src/Ntop.cpp call umask(0), causing directories created beneath /var/lib/ntopng and /var/tmp/ntopng to be created with world-writable permissions drwxrwxrwx.
All files...
pagaille
(Matthieu Gaillet)
July 18, 2020, 3:13pm
3
Yep, I also found that weird.
Your fix seem to work. No complaints from logrotate as far as i can see.
perms are now :
# ls -lai
total 72
68633656 drwx------ 15 ntopng ntopng 4096 Jul 18 17:09 .
134320262 drwxr-xr-x. 87 root root 4096 Jun 30 04:27 ..
136051667 drwx------ 9 ntopng ntopng 141 Jul 20 2019 0
3538585 drwx------ 8 ntopng ntopng 98 Jan 21 2018 1
3560131878 drwx------ 5 ntopng ntopng 63 Jun 30 04:28 -1
2960885 drwx------ 5 ntopng ntopng 47 Nov 26 2018 10
872436091 drwx------ 5 ntopng ntopng 47 Oct 21 2017 2
1006653829 drwx------ 6 ntopng ntopng 65 Dec 30 2017 3
1140898593 drwx------ 3 ntopng ntopng 24 May 17 2017 4
738213639 drwx------ 3 ntopng ntopng 24 May 17 2017 46
2457548 drwx------ 3 ntopng ntopng 24 May 17 2017 5
140377780 drwx------ 6 ntopng ntopng 65 Nov 26 2018 6
268472122 drwx------ 3 ntopng ntopng 24 May 17 2017 7
5570037643 drwx------ 2 ntopng ntopng 4096 Jul 18 00:00 category_lists
68633601 -rw-r--r-- 1 root root 0 Jun 30 04:27 .lock
68633602 -rw------- 1 ntopng ntopng 37977 Jul 11 16:27 ntopng_access.log
8522830001 drwx------ 11 ntopng ntopng 4096 Jul 18 17:09 plugins0
68633600 -rw-r--r-- 1 ntopng ntopng 13726 Jul 18 17:10 runtimeprefs.json
Notice that the access log file is there now and that it dates back from some days !?
Strange bug.
mrmarkuz
(Markus Neuberger)
July 18, 2020, 3:26pm
4
Did you restart the ntopng service? I guess you need to use the ntopng UI to force new log entries.