"bird -p" creates log file owned by root
Brian Candler
b.candler at pobox.com
Fri Apr 24 13:14:56 CEST 2020
Hello,
I'm testing out the bird2 2.0.7 package from the PPA under Ubuntu 18.04,
and I've found a problem with permissions on log files when run under
systemd.
I created a directory /var/log/bird/ owned by bird:bird, and configured
logging as:
log "/var/log/bird/bird.log" all;
This works fine when I start bird by hand:
root@rs1:/etc/bird# ls -l /var/log/bird
total 0
root@rs1:/etc/bird# /usr/sbin/bird -f -u bird -g bird
^C
root@rs1:/etc/bird# ls -l /var/log/bird
total 4
-rw-r--r-- 1 bird bird 39 Apr 24 11:00 bird.log
The problem is that when running under systemd, the log file is created
owned by root:root and this causes bird to crash with a permissions error:
root@rs1:/etc/bird# rm /var/log/bird/bird.log
root@rs1:/etc/bird# systemctl start bird
root@rs1:/etc/bird# ls -l /var/log/bird
total 0
-rw-r--r-- 1 root root 0 Apr 24 11:03 bird.log
root@rs1:/etc/bird# journalctl -eu bird
...
Apr 24 11:01:28 rs1 systemd[1]: Starting BIRD Internet Routing Daemon...
Apr 24 11:01:28 rs1 systemd[1]: Started BIRD Internet Routing Daemon.
Apr 24 11:01:28 rs1 bird[1849]: /etc/bird/bird.conf:9:30 Unable to open log file '/var/log/bird/bird.log': Permission denied
Apr 24 11:01:28 rs1 bird[1849]: bird: /etc/bird/bird.conf:9:30 Unable to open log file '/var/log/bird/bird.log': Permission denied
Apr 24 11:01:28 rs1 systemd[1]: bird.service: Main process exited, code=exited, status=1/FAILURE
Apr 24 11:01:28 rs1 systemd[1]: bird.service: Failed with result 'exit-code'.
I found the cause. /lib/systemd/system/bird.service includes the line
"ExecStartPre=/usr/sbin/bird -p", and if the log file doesn't exist, it
creates it owned by root:root:
root@rs1:/etc/bird# rm /var/log/bird/bird.log
root@rs1:/etc/bird# /usr/sbin/bird -p
root@rs1:/etc/bird# ls -l /var/log/bird/bird.log
-rw-r--r-- 1 root root 0 Apr 24 11:07 /var/log/bird/bird.log
The documentation for the -p flag states:
-p
Just parse the config file and exit. Return value is zero if
the config file is valid, nonzero if there are some errors.
So it seems like a bug that it creates the log file.
Workaround is to create the log file manually first:
root@rs1:/etc/bird# touch /var/log/bird/bird.log
root@rs1:/etc/bird# chown bird:bird /var/log/bird/bird.log
You would have to be careful whenever rotating the log file too.
Cheers,
Brian.
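
[Added example, not part of the original message and not code from the BIRD project: the touch/chown workaround above as an idempotent shell helper that can be re-run after log rotation. The function names and the birdlog.sh file name are hypothetical; the path and the bird:bird owner are the ones from the message. Because root is writing into a directory owned by the bird user, the helper refuses to act on a symlink.]

```shell
#!/bin/sh
# Added example: not from the original post or the BIRD project.
# Function names are hypothetical; path and bird:bird owner come from the post.
# Usage (as root, before the service starts or after rotating the log),
# assuming this file is saved as birdlog.sh (hypothetical name):
#   . ./birdlog.sh && ensure_log_file /var/log/bird/bird.log bird bird

# Print "user:group" of a path without following symlinks (GNU stat).
log_owner() {
    stat -c '%U:%G' -- "$1"
}

# Succeed only if the path is a regular file, not a symlink, owned by $2.
log_owner_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(log_owner "$1")" = "$2" ]
}

# Create the log file if it is missing and make it owned by user:group.
# Returns 2 for a symlink: the log directory is writable by the
# unprivileged daemon user, so root must not create or chown through a link.
ensure_log_file() {
    elf_path=$1 elf_owner="$2:$3"
    if [ -L "$elf_path" ]; then
        echo "refusing to touch symlink: $elf_path" >&2
        return 2
    fi
    if [ ! -e "$elf_path" ]; then
        ( umask 022; : > "$elf_path" ) || return 1
    fi
    # Already correct: nothing to change.
    log_owner_ok "$elf_path" "$elf_owner" && return 0
    # -h changes the link itself rather than its target if one appears here.
    chown -h -- "$elf_owner" "$elf_path" || return 1
    log_owner_ok "$elf_path" "$elf_owner"
}
```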