Stephan Seitz <stse+debian@???> writes:
> On Fri, Oct 26, 2012 at 02:24:59PM +0200, Christian Marillat wrote:
>>Stephan Seitz <stse+debian@???> writes:
>>> On Wed, Oct 24, 2012 at 01:23:05PM +0200, Christian Marillat wrote:
>>>>> - /etc/logrotate.d/mythlogserver contains the line „su mythtv mythtv”,
>>>>> but I don’t find any hints in /etc/rsyslog.d/mythtv.conf that the
>>>>> logfiles should have this permission. We are running with syslog now,
>>>>> aren’t we?
>>>>Yes. Fixed.
>>>
>>> I’m afraid, it isn’t. 0.26.0-dmo3 still contains the line „su mythtv
>>> mythtv” in /etc/logrotate.d/mythlogserver. But as long as
>>> /var/log/mythtv has the permissions „mythtv:mythtv” with 2775,
>>> logrotate refuses to work:
>>>
>>> error: skipping „/var/log/mythtv/mythavtest.log” because parent
>>> directory has insecure permissions (It’s world writable or writable by
>>> group which is not „root”) Set „su” directive in config file to tell
>>> logrotate which user/group should be used for rotation.
>>
>>Exactly why we have a su rule in the logrotate configuration file.
>
> You know, I’m confused now. ;-) Your changelog says:

Yes, I forgot to remove this entry.

> Don’t use ‚su mythtv mythtv’ in logrotate configuration file.
>
> So, what are we doing?

We keep su.

>>> So maybe we should change to „root:mythtv” with 755?
>>The best is to not have log file set to root:admin, because otherwise
>>the current mythtv user is unable to read these files if he isn't in the
>>adm group.
>
> Well, that’s why I was suggesting „root:mythtv”, not adm. But with 755
> for the directory and „$FileCreateMode 0644” in the rsyslog
> configuration, everyone will be able to read the logs, no matter which
> group.

Bad idea, I don't want to see everyone read my logfiles.

Christian
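
Added example, not part of the original message: a small Python model of the trade-off discussed in this thread. It applies the rule as worded in the quoted logrotate error to each directory layout and checks who could read the resulting log files. The `restricted` layout, the 0644 file mode for the current layout, and the assumption that log files carry the directory's group are constructed for illustration.

```python
import stat

def parent_dir_insecure(group: str, mode: int) -> bool:
    """Rule as worded in the quoted logrotate error: the directory is world
    writable, or writable by a group which is not root."""
    world_writable = bool(mode & stat.S_IWOTH)
    group_writable = bool(mode & stat.S_IWGRP)
    return world_writable or (group_writable and group != "root")

def others_can_read(dir_mode: int, file_mode: int) -> bool:
    """'Other' users need search (x) on the directory and read on the file."""
    return bool(dir_mode & stat.S_IXOTH) and bool(file_mode & stat.S_IROTH)

def group_can_read(dir_mode: int, file_mode: int) -> bool:
    """Group members need search (x) on the directory and read on the file.
    Assumes the log files are owned by the same group as the directory."""
    return bool(dir_mode & stat.S_IXGRP) and bool(file_mode & stat.S_IRGRP)

def assess(group: str, dir_mode: int, file_mode: int) -> dict:
    return {
        "needs_su": parent_dir_insecure(group, dir_mode),
        "world_readable": others_can_read(dir_mode, file_mode),
        "group_readable": group_can_read(dir_mode, file_mode),
    }

# (directory group, directory mode, log file mode)
LAYOUTS = {
    # From the thread: /var/log/mythtv is mythtv:mythtv with 2775.
    # The file mode is not stated there; 0644 is an assumption.
    "current": ("mythtv", 0o2775, 0o644),
    # From the thread: root:mythtv with 755 and $FileCreateMode 0644.
    "proposed": ("mythtv", 0o755, 0o644),
    # Constructed variant, not from the thread: no group write on the
    # directory and no access for 'other' users.
    "restricted": ("mythtv", 0o750, 0o640),
}

if __name__ == "__main__":
    for name, layout in LAYOUTS.items():
        print(f"{name:10s} {assess(*layout)}")
```
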