Your message dated Tue, 23 Sep 2014 14:43:49 +0200 with message-id <54216B05.2020301@debian.org> and subject line Re: Bug#762584: apache2: silently changes user configuration /etc/logrotate.d/apache2 has caused the Debian Bug report #762584, regarding apache2: silently changes user configuration /etc/logrotate.d/apache2 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 762584: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762584 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: apache2: silently changes user configuration /etc/logrotate.d/apache2
- From: Vincent Lefevre <vincent@vinc17.net>
- Date: Tue, 23 Sep 2014 14:20:24 +0200
- Message-id: <[🔎] 20140923122023.GA11869@ypig.lip.ens-lyon.fr>
Package: apache2 Version: 2.4.10-2 Severity: important Preliminary note: this particular bug is not about the default, but silent configuration change. Due to * Keep fewer logs by default. Instead of 52 weekly logs, keep 14 daily logs. The daily graceful restart also has the advantage of regenerating things like TLS session ticket keys more often. Closes: #759382 the /etc/logrotate.d/apache2 file, which is a user configuration file, has silently been modified, not due to internal change (such as an option rename), but with a real change of the behavior. It is really bad to change user configuration without asking him first. Contrary to what the changelog says, it is not just the default that has changed, but the configuration of existing apache2 web servers (actually the rotation of their log files), which may have run like that for years. This is almost against the Debian policy, which says that local changes must be preserved (this would be a serious bug). In this particular case, this is not a local change, but only because the Debian package had some default settings that could be fine for the user, and there was no way for the user to explicitly say that he wanted to choose (keep) this configuration. After noticing this change with a manual diff on one machine, with diffmon the day after on another machine (otherwise it would have remained unnoticed), I had to change it back manually. -- Package-specific info: -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16-2-amd64 (SMP w/8 CPU cores) Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apache2 depends on: ii apache2-bin 2.4.10-2 ii apache2-data 2.4.10-2 ii lsb-base 4.1+Debian13 ii mime-support 3.56 ii perl 5.20.0-6 ii procps 1:3.3.9-7 Versions of packages apache2 recommends: ii ssl-cert 1.0.34 Versions of packages apache2 suggests: ii apache2-doc 2.4.10-2 pn apache2-suexec-pristine | apache2-suexec-custom <none> ii apache2-utils 2.4.10-2 ii epiphany-browser [www-browser] 3.12.1-1 ii iceape [www-browser] 2.7.12-1+b1 ii iceweasel [www-browser] 24.8.0esr-1~deb7u1 ii links [www-browser] 2.8-2 ii links2 [www-browser] 2.8-2 ii lynx-cur [www-browser] 2.8.9dev1-2 ii midori [www-browser] 0.4.3+dfsg-0.1 ii surf [www-browser] 0.6-1 ii uzbl [www-browser] 0.0.0~git.20120514-1.1 ii w3m [www-browser] 0.5.3-17 Versions of packages apache2-bin depends on: ii libapr1 1.5.1-3 ii libaprutil1 1.5.3-3 ii libaprutil1-dbd-sqlite3 1.5.3-3 ii libaprutil1-ldap 1.5.3-3 ii libc6 2.19-11 ii libldap-2.4-2 2.4.39-1.1+b1 ii liblua5.1-0 5.1.5-7 ii libpcre3 1:8.35-3 ii libssl1.0.0 1.0.1i-2 ii libxml2 2.9.1+dfsg1-3 ii perl 5.20.0-6 ii zlib1g 1:1.2.8.dfsg-2 Versions of packages apache2-bin suggests: ii apache2-doc 2.4.10-2 pn apache2-suexec-pristine | apache2-suexec-custom <none> ii epiphany-browser [www-browser] 3.12.1-1 ii iceape [www-browser] 2.7.12-1+b1 ii iceweasel [www-browser] 24.8.0esr-1~deb7u1 ii links [www-browser] 2.8-2 ii links2 [www-browser] 2.8-2 ii lynx-cur [www-browser] 2.8.9dev1-2 ii midori [www-browser] 0.4.3+dfsg-0.1 ii surf [www-browser] 0.6-1 ii uzbl [www-browser] 0.0.0~git.20120514-1.1 ii w3m [www-browser] 0.5.3-17 Versions of packages apache2 is related to: ii apache2 2.4.10-2 ii apache2-bin 2.4.10-2 -- Configuration Files: /etc/apache2/mods-available/userdir.conf changed: <IfModule mod_userdir.c> UserDir public_html UserDir disabled root <Directory /home/*/public_html> AllowOverride FileInfo AuthConfig Limit Indexes Options=MultiViews Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec <Limit GET POST OPTIONS> Require all granted </Limit> <LimitExcept GET POST OPTIONS> Require all denied </LimitExcept> </Directory> </IfModule> /etc/logrotate.d/apache2 changed: /var/log/apache2/*.log { weekly missingok rotate 52 compress delaycompress notifempty create 640 root adm sharedscripts postrotate if /etc/init.d/apache2 status > /dev/null ; then \ /etc/init.d/apache2 reload > /dev/null; \ fi; endscript prerotate if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ run-parts /etc/logrotate.d/httpd-prerotate; \ fi; \ endscript } -- no debconf information
--- End Message ---
--- Begin Message ---
- To: Vincent Lefevre <vincent@vinc17.net>, 762584-done@bugs.debian.org
- Subject: Re: Bug#762584: apache2: silently changes user configuration /etc/logrotate.d/apache2
- From: Arno Töll <arno@debian.org>
- Date: Tue, 23 Sep 2014 14:43:49 +0200
- Message-id: <54216B05.2020301@debian.org>
- In-reply-to: <[🔎] 20140923122023.GA11869@ypig.lip.ens-lyon.fr>
- References: <[🔎] 20140923122023.GA11869@ypig.lip.ens-lyon.fr>
Hi, On 23.09.2014 14:20, Vincent Lefevre wrote: > the /etc/logrotate.d/apache2 file, which is a user configuration file, > has silently been modified, not due to internal change (such as an > option rename), but with a real change of the behavior. It is really > bad to change user configuration without asking him first. We install this file through dh_installlogrotate and it is listed as a conffile in the binary package of apache2. That means, it will be handled like any other configuration file in Debian with special care and it won't overwrite changes YOU made. However, the Debian default is to overwrite configuration changes when the file was untouched by the user, and this is a policy compliant behavior. If you dislike this behavior, you can hint dpkg to whatever you prefer - it's not a bug in the package though. -- mit freundlichen Grüßen, Arno Töll GnuPG Key-ID: 0x9D80F36DAttachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---