On Fri, Oct 26, 2012 at 02:24:59PM +0200, Christian Marillat wrote:
>Stephan Seitz <stse+debian@???> writes:
>> On Wed, Oct 24, 2012 at 01:23:05PM +0200, Christian Marillat wrote:
>>>> - /etc/logrotate.d/mythlogserver contains the line „su mythtv mythtv”,
>>>> but I don’t find any hints in /etc/rsyslog.d/mythtv.conf that the
>>>> logfiles should have this permission. We are running with syslog now,
>>>> aren’t we?
>>>Yes. Fixed.
>>
>> I’m afraid, it isn’t. 0.26.0-dmo3 still contains the line „su mythtv
>> mythtv” in /etc/logrotate.d/mythlogserver. But as long as
>> /var/log/mythtv has the permissions „mythtv:mythtv” with 2775,
>> logrotate refuses to work:
>>
>> error: skipping „/var/log/mythtv/mythavtest.log” because parent
>> directory has insecure permissions (It’s world writable or writable by
>> group which is not „root”) Set „su” directive in config file to tell
>> logrotate which user/group should be used for rotation.
>
>Exactly why we have a su rule in the logrotate configuration file.
You know, I’m confused now. ;-) Your changelog says:
Don’t use ‚su mythtv mythtv’ in logrotate configuration file.
So, what are we doing?
>> So maybe we should change to „root:mythtv” with 755?
>The best is to not have log files set to root:admin, because otherwise
>the current mythtv user is unable to read these files if he isn't in the
>adm group.
Well, that’s why I was suggesting „root:mythtv”, not adm. But with 755
for the directory and „$FileCreateMode 0644” in the rsyslog
configuration, everyone will be able to read the logs, no matter which
group.
Stephan
--
| Stephan Seitz E-Mail: stse@??? |
| Public Keys: http://fsing.rootsland.net/~stse/keys.html |
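
The parent-directory rule stated in the logrotate error message quoted in this thread, applied to the permission layouts under discussion, as an added example (not part of the original messages or of the mythtv packaging). The gid 120 standing in for the mythtv group is a constructed value, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: the parent-directory rule from the logrotate error message.

# parent_is_insecure MODE GID
#   MODE: octal permission bits such as 2775; GID: numeric owning group.
#   Returns 0 when the directory is world-writable, or group-writable
#   by a group other than root (gid 0); returns 1 otherwise.
parent_is_insecure() {
    mode=$((0$1))                     # leading 0: parse as octal
    [ $((mode & 0002)) -ne 0 ] && return 0
    [ $((mode & 0020)) -ne 0 ] && [ "$2" -ne 0 ] && return 0
    return 1
}

# check_logdir DIR: apply the rule to a real directory (GNU stat assumed).
check_logdir() {
    info=$(stat -c '%a %g' "$1") || return 2
    if parent_is_insecure "${info% *}" "${info#* }"; then
        echo "$1 (mode ${info% *}, gid ${info#* }): needs 'su' or tighter permissions"
        return 0
    fi
    echo "$1 (mode ${info% *}, gid ${info#* }): accepted without 'su'"
    return 1
}

# Constructed cases from the thread; gid 120 stands in for the mythtv group.
for c in "2775 120 mythtv:mythtv" "755 120 root:mythtv" "2775 0 mythtv:root"; do
    set -- $c
    if parent_is_insecure "$1" "$2"; then verdict="insecure"; else verdict="ok"; fi
    echo "$3 $1 -> $verdict"
done
```
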