Comment 9 for bug 1287624

Chris Dunlap (cdunlap) wrote :

Hi. I'm the developer of MUNGE. I keep seeing new bug reports for this bug appear here in the tracker. The most recent one was yesterday (Bug 1680503).

This particular issue has been reported against Ubuntu 14.04 (this bug report), Ubuntu 14.10 (Bug 1391175), Ubuntu 15.04 (Bug 1448620), and Ubuntu 16.04 (Bug 1581225, Bug 1586865, Bug 1594363, Bug 1603205, Bug 1617842, Bug 1621578, Bug 1659458, Bug 1661104, Bug 1680503). It was fixed in munge-0.5.12 which appears in Ubuntu 16.10. I realize Ubuntu 14.10 and 15.04 have reached end-of-life, but I'd like to see this get fixed in 14.04 and 16.04 since they're both LTS releases.

The problem is due to the permission checks performed by munged. The daemon checks its directories (and their parent directories) to ensure they do not allow write permissions for group or other unless the sticky bit is set. Starting in Ubuntu 14.04, the permissions and ownership on the /var/log directory changed from 0755 root:root to 0775 root:syslog. This results in munged immediately exiting with [Error: Logfile is insecure: group-writable permissions set on "/var/log"].

This is easy to reproduce. Just install and start munge. It will fail every time it starts since /var/log is permissioned 0775.

This error can be suppressed if munged is started with either "--force" or "--syslog". But the patch I wrote for the 0.5.12 release fixes the permission check. It applies cleanly against 0.5.11. I'm attaching it here.