On Fri, Dec 02, 2011 at 03:16:15PM +0800, Hunt Xu wrote:
> Hi, all!
> 
> vdsm-logrotate kept reporting errors like "error: skipping
> "/var/log/core/core.3150.1321682189.dump" because parent directory has
> insecure permissions (It's world writable or writable by group which is
> not "root") Set "su" directive in config file to tell logrotate which
> user/group should be used for rotation."
> 
> This was caused by setting /var/log/core world-writable in vdsm.spec.in.
> After I simply added "su root root" to the /var/log/core/*.dump rotation
> configuration, it seems to be solved now.
> 
> So is this the way to fix the problem? Or any better else?

That is probably the correct solution - logrotate has recently changed
to improve security. From Debian's /usr/share/doc/logrotate/NEWS.Debian.gz:

logrotate (3.8.0-1) experimental; urgency=low

  Please note that this update changes the behaviour of logrotate:

  Logrotate now skips directories which are world writable or writable 
  by group which is not "root" unless the (new) "su" directive is used.

_______________________________________________
vdsm-devel mailing list
vdsm-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/vdsm-devel

Reply via email to