Updating bird.conf to point to non-syslog log file results in incorrect log ownership, no logs written, service failure
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
bird (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
This bug is easy to reproduce with the default configuration:
Install bird, 1.6.3-3 for example and start the service with the defaults values. This will create and start the services to run as the 'bird' user and 'bird' group (BIRD_RUN_USER, BIRD_RUN_GROUP)
system(1) will show this working correctly, and relevant bird log entries will appear in /var/log/syslog as expected:
$ sudo service bird status
● bird.service - BIRD Internet Routing Daemon (IPv4)
Loaded: loaded (/lib/systemd/
Active: active (running) since Wed 2020-03-18 10:11:50 EDT; 14s ago
Main PID: 23485 (bird)
Tasks: 1 (limit: 4915)
CGroup: /system.
└─23485 /usr/sbin/bird -f -u bird -g bird
Mar 18 10:11:50 hades-nuc systemd[1]: Starting BIRD Internet Routing Daemon (IPv4)...
Mar 18 10:11:50 hades-nuc systemd[1]: Started BIRD Internet Routing Daemon (IPv4).
Mar 18 10:11:50 hades-nuc bird[23485]: Started
Update your /etc/bird/bird.conf and point the 'log' line to something like the following:
log "/var/log/bird.log" all;
Now restart the bird service:
$ sudo service bird status
● bird.service - BIRD Internet Routing Daemon (IPv4)
Loaded: loaded (/lib/systemd/
Active: failed (Result: exit-code) since Wed 2020-03-18 10:20:44 EDT; 9s ago
Process: 25376 ExecStart=
Process: 25375 ExecStartPre=
Process: 25369 ExecStartPre=
Main PID: 25376 (code=exited, status=1/FAILURE)
Mar 18 10:20:44 hades-nuc systemd[1]: Stopped BIRD Internet Routing Daemon (IPv4).
Mar 18 10:20:44 hades-nuc systemd[1]: Starting BIRD Internet Routing Daemon (IPv4)...
Mar 18 10:20:44 hades-nuc systemd[1]: Started BIRD Internet Routing Daemon (IPv4).
Mar 18 10:20:44 hades-nuc systemd[1]: bird.service: Main process exited, code=exited, status=1/FAILURE
Mar 18 10:20:44 hades-nuc bird[25376]: bird: /etc/bird/
Mar 18 10:20:44 hades-nuc systemd[1]: bird.service: Failed with result 'exit-code'.
If you look at /var/log/bird.log, you'll see it is owned by 'root:root', not the expected 'bird:bird' as the original socket files (/var/run/bird.ctl, /var/run/
This appears to be related to the parsing of bird.conf before privs are dropped and files created.
This can be mitigated with a static workaround in /usr/lib/
diff -u prepare-
--- prepare-
+++ prepare-environment 2020-03-17 15:51:19.496622613 +0000
@@ -2,11 +2,13 @@ set -eu+BIRD_
BIRD_RUN_
. /etc/bird/envvars mkdir --parents "$BIRD_RUN_DIR";
+touch "$BIRD_LOG_FILE" if [ -n "$BIRD_RUN_USER" ]; then
if ! getent passwd $BIRD_RUN_USER >/dev/null; then
@@ -22,7 +24,6 @@
fi
fi-chown --silent "$BIRD_
+chown --silent "$BIRD_
chmod 775 "$BIRD_RUN_DIR"
-
:
Thoughts?
That's not specific to bird, any daemon running as non-root have this problem, and usually it's solved by doing:
mkdir -p /var/log/bird
chown bird: /var/log/bird
and configuring the logfile to /var/log/ bird/bird. log
I don't think the needs to be fixed at the package level, and on the contrary the prepare-environment should be converted to systemd-tmpfiles.