Re: logrotate permissions problem

[Reco]

 Hi.

On Tue, 01 Sep 2015 08:27:39 -0600
"D. R. Evans"  wrote:

> D. R. Evans wrote on 08/31/2015 01:09 PM:
> 
> >> The solution of this problem should be as simple as:
> >>
> >> chgrp adm /var/log/polipo/pol*
> >> rm -f /var/log/polipo/polipo.log.1.gz
> > 
> > OK; I have done that, and will let you know tomorrow whether the problem has
> > gone away.
> > 
> 
> Yep; no notification from the system last night, so the solution looks like
> it's worked.
> 
> Thank you very much.

You're welcome.

Reco

Re: logrotate permissions problem

[D. R. Evans]

D. R. Evans wrote on 08/31/2015 01:09 PM:

>> The solution of this problem should be as simple as:
>>
>> chgrp adm /var/log/polipo/pol*
>> rm -f /var/log/polipo/polipo.log.1.gz
> 
> OK; I have done that, and will let you know tomorrow whether the problem has
> gone away.
> 

Yep; no notification from the system last night, so the solution looks like
it's worked.

Thank you very much.

  Doc

-- 
Web:  http://www.sff.net/people/N7DR



signature.asc
Description: OpenPGP digital signature

Re: logrotate permissions problem

[D. R. Evans]

Reco wrote on 08/29/2015 12:17 PM:

> 
> Your /etc/logrotate.d/polipo should contain this line:
> 
> su proxy adm
> 

Yep.

[stuff elided]

> 
> The solution of this problem should be as simple as:
> 
> chgrp adm /var/log/polipo/pol*
> rm -f /var/log/polipo/polipo.log.1.gz

OK; I have done that, and will let you know tomorrow whether the problem has
gone away.

Thank you very much.

  Doc

-- 
Web:  http://www.sff.net/people/N7DR



signature.asc
Description: OpenPGP digital signature

Re: logrotate permissions problem

[Reco]

 Hi.

On Sat, 29 Aug 2015 09:43:27 -0600
D. R. Evans doc.ev...@gmail.com wrote:

 Ever since the upgrade from wheezy to jessie a few days ago, I have been
 receiving the following every day:
 
 
 
 /etc/cron.daily/logrotate:
 error: error setting owner of /var/log/polipo/polipo.log.1.gz to uid 13 and
 gid 13: Operation not permitted
 run-parts: /etc/cron.daily/logrotate exited with return code 1
 
 
 
 The directory /var/log/polipo has the permissions:
   drwxr-sr-x  2 proxy adm 4096 Aug 29 07:39 polipo
 
 and right now the contents of that directory look like this:
 
 
 
 root@homebrew:/var/log/polipo# ls -al
 total 64
 drwxr-sr-x  2 proxy adm4096 Aug 29 07:39 .
 drwxr-xr-x 19 root  root   4096 Aug 29 07:39 ..
 -rw---  1 proxy adm   18854 Aug 29 09:11 polipo.log
 -rw-r-  1 proxy proxy  6025 Aug 26 07:40 polipo.log.1
 -rw---  1 proxy adm   0 Aug 29 07:39 polipo.log.1.gz
 -rw-r-  1 proxy proxy   255 Aug 25 07:11 polipo.log.2.gz
 -rw-r-  1 proxy proxy   425 Aug 24 07:11 polipo.log.3.gz
 -rw-r-  1 proxy proxy   279 Aug 23 07:11 polipo.log.4.gz
 -rw-r-  1 proxy proxy   328 Aug 22 07:11 polipo.log.5.gz
 -rw-r-  1 proxy proxy   273 Aug 21 07:11 polipo.log.6.gz
 -rw-r-  1 proxy proxy   288 Aug 20 07:11 polipo.log.7.gz
 -rw-r-  1 proxy proxy   166 Aug 19 07:11 polipo.log.8.gz
 root@homebrew:/var/log/polipo#
 
 
 
 Does anyone have a suggestion as to what I should do to stop the error message
 being produced every day?
 
 In case it needs to be said: this problem did not exist when I was running
 wheezy, and I haven't changed anything in the default installation related to
 logrotate or polipo. I am a bit puzzled as to why no one else seems to have
 reported this problem. Googling has not helped suggest the cause or the
 correct fix.

Your /etc/logrotate.d/polipo should contain this line:

su proxy adm

It means that all polipo.log rotation should be done as user proxy
with primary group adm.

During the rotation polipo.log should be renamed to polipo.log.1
and then it should be gzipped to polipo.log.1.gz. The owner and group
of the new file result proxy:adm.

Since the original file (polipo.log) owner and group are
proxy:proxy - logrotate tries to change group of polipo.log.1.gz to
proxy - and fails (since during the rotation the primary group of
logrotate is adm, and arbitrary group switching is permitted to root
only).

The solution of this problem should be as simple as:

chgrp adm /var/log/polipo/pol*
rm -f /var/log/polipo/polipo.log.1.gz

Reco