error: state file /config/log/logrotate.status is world-readable and thus can be locked from other unprivileged users. Skipping lock acquisition... #240
Comments
|
Was this solved? I'm getting it as well: I tried running: which returns no errors, but running this on it's folder still shows that its world readable: I'm not too schooled in Linux though, so .... |
|
I have the same error under |
|
I have found a possible cause. According to this it could be a matter of changing ownership of the lockfile from [1000,1000] to [root, root] I know that this points to a Fedora forum, but presumably it is using the same package? (It's a bit worrying that no one has picked up on this yet...) |
|
That's not a solution as everything under The solution is to fix the permissions of that file so only the user has read permissions and not the group and other, and most importantly find what's changing the permissions in the first place and stop it. By default the file has the correct permissions. Something on your system is changing it (or perhaps you have your config folder on a remote or mounted share, which we don't support for this reason and others). I checked multiple test and production instances I manage and they all have the correct permissions for that file. |
|
ive also this message and ive changed nothing since weeks ... i think an update from swag is this causing ... and all files are local ... Operating System: Ubuntu 22.04 LTS |
|
Thanks for responding! Is user abc [1000,1000] ? On my system that is dietpi. The directory is on the same file system as the docker container, and I haven't done anything to change any protections Here is a screenshot from winscp
It sounds like you are recommending I remove read permission from group? |
|
It seems I spoke too soon. I'm now getting it as well, but it's a false positive. In other words, it's a bug with logrotate because the file's permissions are not world readable. There was a user who had reported the same issue a few weeks ago but in his case the permissions were indeed wrong. I assumed that was the case here as well (my apologies). I can see now that a change in the upstream package is triggering the error even when it's not world readable, but is group readable. Well push a fix soon, but in the meantime, you can remove the group read perm and the error will go away. Thanks for letting us know. |
|
Many thanks! One last question, I'm fairly new to docker, will the fix
entail a new container pull or anything else?
Thanks again
B
…On Mon, 11 Jul 2022 at 13:38, aptalca ***@***.***> wrote:
It seems I spoke too soon. I'm now getting it as well, but it's a false
positive. In other words, it's a bug with logrotate because the file's
permissions are not world readable.
There was a user who had reported the same issue a few weeks ago but in
his case the permissions were indeed wrong. I assumed that was the case
here as well (my apologies). I can see now that a change in the upstream
package is triggering the error even when it's not world readable, but is
group readable.
Well push a fix soon, but in the meantime, you can remove the group read
perm and the error will go away.
Thanks for letting us know.
—
Reply to this email directly, view it on GitHub
<#240 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AENIQ2JVBRAIGMDAK4YWAMLVTQITLANCNFSM5YTUDNSQ>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
A new image pull (once pushed by us), and then a container recreation. We recommend docker compose, which does it easily: https://docs.linuxserver.io/general/docker-compose |
|
Thanks for all your help! |
|
I know I closed it, but FYI, group read access gets reset the next day! |
|
It's an upstream issue with logrotate. It erroneously sets the perms of the status file, and then complains about it. Nothing we can do at this point until it's fixed upstream. |
|
Okey doke |
|
For those who may ask. Edit: either it comes back due to a crash and restart or it's useless. |
It is possible to do the |
|
It is logrotate that changes the permissions when it writes to it. Nothing more we can do about it. |
The built-in Nginx server dies periodically. I have to restart SWAG container afterwards. Thanks. |
|
That's likely not related. Logrotate is a separate service. Nginx service auto starts itself. |
|
I am seeing only In my Log for my Docker-compose driven Swag Container and yet I have 2 services that are not accessible through SWAG till I reset them...Daily.. to regain access. the underlying service has not had to be restarted to regain access just SWAG. Can someone direct me at to more verbose log method to try and resolve this issue? It doesn't appear to be related to the allowip6 Thread nor the logrotate state directly but thats the only log entries I see.. |
|
@thematrixdev @CtheCondor I had the same issue about having to restart the container every morning. As you mentioned, SWAG was also complaining about fail2ban & logrotate but these were unrelated. The problem was the certificate renewal process failing. Check out this blog post. If you can confirm, we will need to create a new issue. |
Just several days ago the SSL certificate of a site of my client had expired. Got noticed and complained... |
Why not open a new issue anyways with the problem you're having? Fwiw, I too am getting |
I have just read the article clearly again. I believe the issue I have met was not due to incorrect configuration on domain names, nor port openening, etc. Should not be due to SSL renewal. |
|
@gbytedev Your direction was spot on in my case but not for the reason I thought. in the /etc/letsencrypt/ folder under renewal I had conf for a domain service I deleted a while back but never connected the dots. I removed the info from the proxy configuration and the site-configs but missed the renewal folder somehow. Thanks!! will see if that resolves everything fully tomorrow as a test. |
|
Very annoying yet harmless issue. Did anyone report it for a fix upstream ? |
|
Hi I've got the same error for the first time today. Any idea what's causing it? |
|
I also keep getting the error with version 2.11.0-ls312.
The permissions are set to 0644 every time the container starts. If I manually change them to 0640, they are back to 0644 the next time it starts. The container itself starts with: |
|
Hi thanks in advance for this great support here! @aptalca or anyone else who might know are there any news on this issue? I have the same problem here on my system running version: 2.11.0-ls333. my stack:
|
|
going to go ahead and lock this thread as it's been stated this is an upstream issue with logrotate and not something we can or will spend time on. the "warning" causes no issues with the functioning of the container and is misleading as the file is NOT world readable, it simply has 640 permissions, which logrotate itself is setting, and then complaining about it not being 600. |
|
new update; it is our fault, we found the cause, we have a proposed solution. digging through logrotate.c was not fun; i apologize for my incorrect info above, we'll have a PR out fixing this soon(tm) |
Expected Behavior
normal log output of a healthy running system
Current Behavior
after a number of hours of running, including generating my intial SSL certificate, this error appeared on the log output. I don't know how often it has occurred, how to debug or know whether or not to worry about it.
error: state file /config/log/logrotate.status is world-readable and thus can be locked from other unprivileged users. Skipping lock acquisition...Steps to Reproduce
I'm not sure. I have restarted the system and it looks ok so far.
Environment
OS: Dietpi (Debian?)
CPU architecture: arm64
How docker service was installed:
container_name: nginx-letsencrypt is running under Portainer
Command used to create docker container (run/create/compose/screenshot)
Docker logs
The text was updated successfully, but these errors were encountered: