Updated on 24 Jul 2021
Error on Start up
When I start up Ubuntu, I am presented with an error in the start up screen.
Failed to start Rotate log files
The reason for this is a hardening of the security aspects of the service. Let's have a look at the file /lib/systemd/system/logrotate.service:
    [Unit]
    Description=Rotate log files
    Documentation=man:logrotate(8) man:logrotate.conf(5)
    ConditionACPower=true

    [Service]
    Type=oneshot
    ExecStart=/usr/sbin/logrotate /etc/logrotate.conf

    # performance options
    Nice=19
    IOSchedulingClass=best-effort
    IOSchedulingPriority=7

    # hardening options
    # details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
    # no ProtectHome for userdir logs
    # no PrivateNetwork for mail deliviery
    # no ProtectKernelTunables for working SELinux with systemd older than 235
    # no MemoryDenyWriteExecute for gzip on i686
    PrivateDevices=true
    PrivateTmp=true
    ProtectControlGroups=true
    ProtectKernelModules=true
    ProtectSystem=full
    RestrictRealtime=true

We'll see this line, 2nd from the end:

    ProtectSystem=full
What this means is that the logrotate service will only have access to the /var/log directory or subdirectories. Outside of this, logrotate won't work, which is a possible reason my logrotate failed to start.
Before making any assumptions, let's see the status of logrotate:
systemctl status logrotate
In this case there is an error in writing to the mysql log files. This is within the /var/log directory, so it must be something else.
If I get a directory listing, I can see that the mysql folder and files are owned by mysql and have a group of adm. logrotate runs under the adm user, and we can see here that the group doesn't have write permission on the file. This explains the error message we were seeing before.
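The check made by eye on the directory listing can be scripted. The following is an added example, not part of the original post: audit_group_write and demo_audit are hypothetical names, the demo directory is constructed, and GNU find and stat (as shipped with Ubuntu) are assumed.

```shell
#!/bin/sh
# Added example (not from the original post). audit_group_write is a
# hypothetical helper name. Requires GNU find and stat (standard on Ubuntu).

# audit_group_write DIR GROUP
# GROUP may be a group name or a numeric gid. Prints one line for every file
# or directory under DIR that GROUP cannot write to, prefixed with the reason:
#   group-mismatch  the entry belongs to a different group
#   no-group-write  the entry belongs to GROUP but the group write bit is off
# Directories are included because rotating a log renames and creates files,
# which needs write access to the directory itself.
audit_group_write() (
    dir=$1
    want=$2
    find "$dir" \( -type f -o -type d \) \
        -exec stat -c '%g %G %a %U %n' {} + |
    while read -r gid gname mode owner path; do
        if [ "$want" != "$gid" ] && [ "$want" != "$gname" ]; then
            echo "group-mismatch $owner:$gname $mode $path"
        elif [ $(( 0$mode & 020 )) -eq 0 ]; then
            # 020 is the octal mask for the group write bit
            echo "no-group-write $owner:$gname $mode $path"
        fi
    done
)

# Constructed demo: a throwaway directory standing in for /var/log/mysql,
# with one file at mode 640 (group read only) and one at 660.
demo_audit() (
    d=$(mktemp -d) || exit 1
    touch "$d/error.log" "$d/slow.log"
    chmod 770 "$d"
    chmod 640 "$d/error.log"
    chmod 660 "$d/slow.log"
    # Audit against the group the demo files actually carry
    audit_group_write "$d" "$(stat -c %g "$d")"
    rm -rf "$d"
)

demo_audit
```

On the machine described here, the equivalent call would be audit_group_write /var/log/mysql adm, run with enough privilege to read that directory.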
We can change the permissions and restart the service.
And we can see that everything works as expected now.
Unfortunately the next time the machine restarts, MySQL will alter the ownership of the log file again and we are back at square one. When I get the opportunity, I will update my notes when I find a solution.