"bird -p" creates log file owned by root

Brian Candler b.candler at pobox.com
Fri Apr 24 13:14:56 CEST 2020


Hello,

I'm testing out the bird2 2.0.7 package from the PPA under Ubuntu 18.04, 
and I've found a problem with permissions on log files when run under 
systemd.

I created a directory /var/log/bird/ owned by bird:bird, and configured 
logging as:

log "/var/log/bird/bird.log" all;


This works fine when I start bird by hand:

root@rs1:/etc/bird# ls -l /var/log/bird
total 0
root@rs1:/etc/bird# /usr/sbin/bird -f -u bird -g bird
^C
root@rs1:/etc/bird# ls -l /var/log/bird
total 4
-rw-r--r-- 1 bird bird 39 Apr 24 11:00 bird.log


The problem is that when running under systemd, the log file is created 
owned by root:root and this causes bird to crash with a permissions error:

root@rs1:/etc/bird# rm /var/log/bird/bird.log

root@rs1:/etc/bird# systemctl start bird
root@rs1:/etc/bird# ls -l /var/log/bird
total 0
-rw-r--r-- 1 root root 0 Apr 24 11:03 bird.log
root@rs1:/etc/bird# journalctl -eu bird
...
Apr 24 11:01:28 rs1 systemd[1]: Starting BIRD Internet Routing Daemon...
Apr 24 11:01:28 rs1 systemd[1]: Started BIRD Internet Routing Daemon.
Apr 24 11:01:28 rs1 bird[1849]: /etc/bird/bird.conf:9:30 Unable to open log file '/var/log/bird/bird.log': Permission denied
Apr 24 11:01:28 rs1 bird[1849]: bird: /etc/bird/bird.conf:9:30 Unable to open log file '/var/log/bird/bird.log': Permission denied
Apr 24 11:01:28 rs1 systemd[1]: bird.service: Main process exited, code=exited, status=1/FAILURE
Apr 24 11:01:28 rs1 systemd[1]: bird.service: Failed with result 'exit-code'.


I found the cause.  /lib/systemd/system/bird.service includes the line 
"ExecStartPre=/usr/sbin/bird -p", and if the log file doesn't exist, it 
creates it owned by root:root:

root@rs1:/etc/bird# rm /var/log/bird/bird.log
root@rs1:/etc/bird# /usr/sbin/bird -p
root@rs1:/etc/bird# ls -l /var/log/bird/bird.log
-rw-r--r-- 1 root root 0 Apr 24 11:07 /var/log/bird/bird.log


The documentation for the -p flag states:

        -p
            Just parse the config file and exit. Return value is zero if
            the config file is valid, nonzero if there are some errors.

So it seems like a bug that it creates the log file.


Workaround is to create the log file manually first:

root@rs1:/etc/bird# touch /var/log/bird/bird.log
root@rs1:/etc/bird# chown bird:bird /var/log/bird/bird.log

You would have to be careful whenever rotating the log file too.

Cheers,

Brian.
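
The ownership problem described in the message above can be checked before each start or after each log rotation. The script below is an added example, not part of the original post or of the BIRD package: it reads the `log "<path>"` directives from a BIRD config and reports any log file that is missing or not owned by the expected user. The function names are hypothetical, and it assumes GNU `stat` and one `log` directive per line.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes GNU coreutils stat (as on Ubuntu) and one log directive per line.

# Print the file path of every `log "<path>" ...;` directive in a BIRD config.
# `log syslog` / `log stderr` and lines starting with # are not matched.
bird_log_paths() {
    sed -n 's/^[[:space:]]*log[[:space:]]\{1,\}"\([^"]*\)".*/\1/p' "$1"
}

# Print owner:group of a file.
file_owner() {
    stat -c '%U:%G' "$1"
}

# audit_bird_logs <bird.conf> <owner:group>
# Prints one finding per log file; returns 1 if any file is missing or
# owned by someone other than the expected owner:group.
audit_bird_logs() {
    conf=$1
    want=$2
    bird_log_paths "$conf" | (
        rc=0
        while IFS= read -r path; do
            if [ ! -e "$path" ]; then
                # Missing is flagged because, per the post, a root-run
                # "bird -p" would create the file as root:root.
                echo "MISSING $path"
                rc=1
            elif [ "$(file_owner "$path")" = "$want" ]; then
                echo "OK $path"
            else
                echo "BAD $path owner=$(file_owner "$path") want=$want"
                rc=1
            fi
        done
        exit "$rc"
    )
}

# Stand-alone use: sh audit.sh /etc/bird/bird.conf bird:bird
if [ "$#" -ge 1 ]; then
    audit_bird_logs "$1" "${2:-bird:bird}"
fi
```

A non-zero exit status means at least one log file needs the touch/chown workaround from the message before the service is started.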



