sous-chefs / logrotate

Development repository for the logrotate cookbook

Home Page: https://supermarket.chef.io/cookbooks/logrotate

skipping "/var/log/syslog" because parent directory has insecure permissions

jason-kane opened this issue · comments

error: skipping "/var/log/syslog" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.

Some/recent logrotate versions (3.8.7+, Ubuntu 16.04) fail to rotate logs without an "su" directive added to the logrotate config telling it which user/group to run as.

Old versions of logrotate (Ubuntu 12.04?) fail when they see an unknown/unexpected "su" directive in the config file.

The naive solution is to run logrotate --version and, for recent versions, add a su username groupname where username and groupname reflect the owner of the directory containing the file being rotated.

My Ruby/Chef foo isn't really up to it, deliriously hoping someone else has already run into this and has a lovely fix they haven't thought to send upstream.

Adding a "su 'user group'" to the logrotate_app calls fixes the 16.04 based services; I hoped for something compatible with old/new but this is way better than nothing. Note to future Google searchers:

logrotate_app 'myapplicaton' do
  cookbook 'logrotate'
  path ["/var/log/subdir/mylog.log"]
  frequency 'daily'
  rotate 52
  create '0664 appuser appgroup'
  options %w(missingok compress delaycompress notifempty)
  postrotate ['service rsyslog restart >/dev/null 2>&1 || true']
  # user and group that logrotate switches to when rotating these files
  su 'appuser appgroup'
end

How do you do this from Webmin?

For later versions of Debian-based OSes, use "su appuser appgroup" without any quotes. The ' ' breaks the logrotate script. In my case, Debian Stretch requires this format.
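
The "naive solution" from the issue text (check logrotate --version, then use the owner of the log's parent directory), as an added Ruby example that is not code from the cookbook or from anyone in this thread. The helper names logrotate_version, insecure_parent? and su_for are hypothetical, the 3.8.7 threshold is the one quoted in the issue, and the example goes one step further than the issue by only returning a value when the parent directory matches the condition in the error message.

```ruby
require 'etc'

# Threshold quoted in the issue text; an assumption, not a verified cutoff.
SU_REQUIRED_FROM = Gem::Version.new('3.8.7')

# Pull the version out of `logrotate --version` output, e.g. "logrotate 3.8.7".
# Gem::Version compares numerically, so 3.11.0 sorts after 3.8.7.
def logrotate_version(output)
  m = output.match(/logrotate\s+(\d+(?:\.\d+)+)/)
  m && Gem::Version.new(m[1])
end

# Mirrors the condition in the error message: the parent directory is world
# writable, or writable by a group other than root (gid 0).
def insecure_parent?(mode, gid)
  (mode & 0o002) != 0 || ((mode & 0o020) != 0 && gid != 0)
end

# Returns "user group" for the su property, taken from the owner of the
# directory holding the log, or nil when no su directive should be written
# (old or unknown logrotate, or a parent directory logrotate already accepts).
def su_for(log_path, version_output)
  version = logrotate_version(version_output)
  return nil if version.nil? || version < SU_REQUIRED_FROM

  st = File.stat(File.dirname(log_path))
  return nil unless insecure_parent?(st.mode, st.gid)

  # Etc raises ArgumentError if the uid/gid has no passwd/group entry.
  "#{Etc.getpwuid(st.uid).name} #{Etc.getgrgid(st.gid).name}"
end

# Inside a logrotate_app block (hypothetical wiring):
#   value = su_for('/var/log/subdir/mylog.log', `logrotate --version 2>&1`)
#   su value if value
```

Leaving the su property unset when su_for returns nil keeps the rendered config free of the directive on old logrotate versions that reject it.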