On Fri, Dec 02, 2011 at 03:16:15PM +0800, Hunt Xu wrote: > Hi, all! > > vdsm-logrotate kept reporting errors like "error: skipping > "/var/log/core/core.3150.1321682189.dump" because parent directory has > insecure permissions (It's world writable or writable by group which is > not "root") Set "su" directive in config file to tell logrotate which > user/group should be used for rotation." > > This was caused by setting /var/log/core world-writable in vdsm.spec.in. > After I simply added "su root root" to the /var/log/core/*.dump rotation > configuration, it seems to be solved now. > > So is this the way to fix the problem? Or any better else?
That is probably the correct solution - logrotate has recently changed to improve security. From Debian's /usr/share/doc/logrotate/NEWS.Debian.gz: logrotate (3.8.0-1) experimental; urgency=low Please note that this update changes the behaviour of logrotate: Logrotate now skips directories which are world writable or writable by group which is not "root" unless the (new) "su" directive is used. _______________________________________________ vdsm-devel mailing list firstname.lastname@example.org https://fedorahosted.org/mailman/listinfo/vdsm-devel