Bug#729315: logrotate: documentation of behavior and usage of su with create is lacking.
On Sun, Nov 17, 2013 at 06:31:06PM -0700, Ben Hildred wrote: Severity: normal this affects users upgrading their systems from versions which did not have this option. No, it doesn't! You'd have to manually add the option to any existing scripts, which would otherwise continue to run exactly as before without any need for modification. This is a minor bug because it solely concerns documentation of a newly added feature which doesn't break any existing installations. The point of this bug report is not to say the option is bad, or mis-implemented, it is that there was a significant change in behavior with little documentation and no examples of the critical interactions, or recommended practice. I after more than half day got my machine to quit complaining, but I am not confident that my solution is the right one. I think I figured It out, but real documentation would be better. Please explain what you don't comprehend about the manpage entry su user group Rotate log files set under this user and group instead of using default user/group (usually root). user specifies the user name used for rotation and group specifies the group used for rota‐ tion. and can you suggest a better alternative? -- Paul Martin p...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#729315: logrotate: documentation of behavior and usage of su with create is lacking.
On Mon, Nov 18, 2013 at 8:42 AM, Paul Martin p...@debian.org wrote: On Sun, Nov 17, 2013 at 06:31:06PM -0700, Ben Hildred wrote: Severity: normal this affects users upgrading their systems from versions which did not have this option. No, it doesn't! You'd have to manually add the option to any existing scripts, which would otherwise continue to run exactly as before without any need for modification. but at increased volume This is a minor bug because it solely concerns documentation of a newly added feature which doesn't break any existing installations. every server emailed every day about every create option The point of this bug report is not to say the option is bad, or mis-implemented, it is that there was a significant change in behavior with little documentation and no examples of the critical interactions, or recommended practice. I after more than half day got my machine to quit complaining, but I am not confident that my solution is the right one. I think I figured It out, but real documentation would be better. Please explain what you don't comprehend about the manpage entry su user group Rotate log files set under this user and group instead of using default user/group (usually root). user specifies the user name used for rotation and group specifies the group used for rota‐ tion. and can you suggest a better alternative? by its self it is fine, but what about create which also makes perfect sense by it's self but what one arth do they have to do with each other? create mode owner group Immediately after rotation (before the postrotate script is run) the log file is created (with the same name as the log file just rotated). mode specifies the mode for the log file in octal (the same as chmod(2)), owner specifies the user name who will own the log file, and group specifies the group the log file will belong to. Any of the log file attributes may be omitted, in which case those attributes for the new file will use the same values as the original log file for the omitted attributes. This option can be disabled using the nocreate option. on first reading it looks like they have little in common, and I don't see where it says when using create you must use su with the same options to suppress error messages which appears to be the case, and mostly redundant and confusing where it is not redundant. -- Paul Martin p...@debian.org -- -- Ben Hildred Automation Support Services 303 815 6721
Bug#729315: logrotate: documentation of behavior and usage of su with create is lacking.
On Mon, Nov 18, 2013 at 12:22:00PM -0700, Ben Hildred wrote: and can you suggest a better alternative? by its self it is fine, but what about create which also makes perfect sense by it's self but what one arth do they have to do with each other? create mode owner group Immediately after rotation (before the postrotate script is run) the log file is created (with the same name as the log file just rotated). mode specifies the mode for the log file in octal (the same as chmod(2)), owner specifies the user name who will own the log file, and group specifies the group the log file will belong to. Any of the log file attributes may be omitted, in which case those attributes for the new file will use the same values as the original log file for the omitted attributes. This option can be disabled using the nocreate option. on first reading it looks like they have little in common, and I don't see where it says when using create you must use su with the same options to suppress error messages which appears to be the case, and mostly redundant and confusing where it is not redundant. I'll amend it with the next upload. The text will read: su user group Rotate log files set under this user and group instead of using default user/group (usually root). user specifies the user name used for rotation and group specifies the group used for rota‐ tion. If the user/group you specify here does not have suffi‐ cient privilege to make files with the ownership you've speci‐ fied in a create instruction, it will cause an error. -- Paul Martin p...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#729315: logrotate: documentation of behavior and usage of su with create is lacking.
Severity: normal this affects users upgrading their systems from versions which did not have this option. On Fri, Nov 15, 2013 at 12:19 PM, Paul Martin p...@debian.org wrote: Severity: minor On Mon, Nov 11, 2013 at 10:36:32AM -0700, Ben Hildred wrote: Which parts of the rotate happen as root and as su? Scripts run as the su user/group, as does the actual rotation and compression. Where is this documented? what are the permissions when files are created? What exactly would happen if I did this: su puser1 pgroup1 create 640 root adm It would fail to create the file with the correct ownership, outputting the message: error setting owner of to uid ... and gid ...: and this would be document where? The point of this bug report is not to say the option is bad, or mis-implemented, it is that there was a significant change in behavior with little documentation and no examples of the critical interactions, or recommended practice. I after more than half day got my machine to quit complaining, but I am not confident that my solution is the right one. I think I figured It out, but real documentation would be better. -- Paul Martin p...@debian.org -- -- Ben Hildred Automation Support Services 303 815 6721
Bug#729315: logrotate: documentation of behavior and usage of su with create is lacking.
Severity: minor On Mon, Nov 11, 2013 at 10:36:32AM -0700, Ben Hildred wrote: Which parts of the rotate happen as root and as su? Scripts run as the su user/group, as does the actual rotation and compression. What exactly would happen if I did this: su puser1 pgroup1 create 640 root adm It would fail to create the file with the correct ownership, outputting the message: error setting owner of to uid ... and gid ...: -- Paul Martin p...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#729315: logrotate: documentation of behavior and usage of su with create is lacking.
Package: logrotate Version: 3.8.1-4 Severity: normal Dear Maintainer, * What led up to the situation? - I was getting mail about insecure directories like /var/log/samba after upgrade. * What exactly did you do (or not do) that was effective (or ineffective)? - read man page - moaned that my incomplete and nonfunctional patch to create for acls was going to take more work * What was the outcome of this action? - confusion - harassment * What outcome did you expect instead? - enlightenment - sympathy Does su change uids or just change acceptable ownership for parent directory? Which parts of the rotate happen as root and as su? What exactly would happen if I did this: su puser1 pgroup1 create 640 root adm Should it work? -- Package-specific info: Contents of /etc/logrotate.d total 35 -rw-r--r-- 1 root root 326 Mar 4 2013 apache2 -rw-r--r-- 1 root root 173 Jan 25 2011 apt -rw-r--r-- 1 root root 79 Oct 26 2006 aptitude -rw-r--r-- 1 root root 237 Mar 26 2013 binkd -rw-r--r-- 1 root root 224 Oct 4 10:42 clamav-daemon -rw-r--r-- 1 root root 245 Oct 4 10:41 clamav-freshclam -rw-r--r-- 1 root root 135 Feb 24 2010 consolekit -rw-r--r-- 1 root root 248 Nov 28 2011 cups -rw-r--r-- 1 root root 77 Aug 16 2006 cvs-autoreleasedeb -rw-r--r-- 1 root root 132 Apr 4 2012 dirmngr -rw-r--r-- 1 root root 72 Jun 28 2012 dnssec-tools -rw-r--r-- 1 root root 232 Jan 30 2011 dpkg -rw-r--r-- 1 root root 100 Feb 13 2011 kdm -rw-r--r-- 1 root root 112 May 12 2005 mgetty -rw-r--r-- 1 root root 140 Sep 2 2008 mimedefang -rw-r--r-- 1 root root 880 Apr 14 17:22 mysql-server -rw-r--r-- 1 root root 157 Nov 16 2010 pm-utils -rw-r--r-- 1 root root 248 May 22 2010 polipo -rw-r--r-- 1 root root 173 Jan 9 2013 postgresql-common -rw-r--r-- 1 root root 94 Mar 17 2007 ppp -rw-r--r-- 1 root root 322 Feb 25 2011 samba -rw-r--r-- 1 root root 1713 Dec 8 2006 sendmail -rw-r--r-- 1 root root 68 Dec 13 2010 slim -rw-r--r-- 1 root root 174 Mar 4 2013 sssd -rw-r--r-- 1 root root 320 Oct 4 10:45 stunnel4 -rw-r--r-- 1 root root 128 Nov 8 2004 super -rw-r--r-- 1 root root 200 Jan 26 2010 swordfish -rw-r--r-- 1 root root 519 Mar 20 2013 syslog-ng -rw-r--r-- 1 root root 118 May 11 22:35 tomcat6 -rw-r--r-- 1 root root 190 Jan 16 2011 tor -rw-r--r-- 1 root root 115 Jan 21 2013 unattended-upgrades -rw-r--r-- 1 root root 191 Apr 15 17:08 winbind -rw-r--r-- 1 root root 276 Jun 18 2010 xdm -rw-r--r-- 1 root root 100 Dec 26 2009 yum -- System Information: Debian Release: 7.1 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages logrotate depends on: ii anacron 2.3-19 ii base-passwd 3.5.26 ii cron [cron-daemon] 3.0pl1-124 ii libc6 2.13-38 ii libpopt01.16-7 ii libselinux1 2.1.9-5 Versions of packages logrotate recommends: ii mailutils [mailx] 1:2.99.97-3 logrotate suggests no packages. -- no debconf information -- -- Ben Hildred Automation Support Services 303 815 6721