On Tue, Dec 06, 2011 at 01:21:09PM -0700, dann frazier wrote: > On Fri, Dec 02, 2011 at 03:16:15PM +0800, Hunt Xu wrote: > > Hi, all! > > > > vdsm-logrotate kept reporting errors like "error: skipping > > "/var/log/core/core.3150.1321682189.dump" because parent directory has > > insecure permissions (It's world writable or writable by group which is > > not "root") Set "su" directive in config file to tell logrotate which > > user/group should be used for rotation." > > > > This was caused by setting /var/log/core world-writable in vdsm.spec.in. > > After I simply added "su root root" to the /var/log/core/*.dump rotation > > configuration, it seems to be solved now. > > > > So is this the way to fix the problem? Or any better else? > > That is probably the correct solution - logrotate has recently changed > to improve security. From Debian's /usr/share/doc/logrotate/NEWS.Debian.gz: > > logrotate (3.8.0-1) experimental; urgency=low > > Please note that this update changes the behaviour of logrotate: > > Logrotate now skips directories which are world writable or writable > by group which is not "root" unless the (new) "su" directive is used.
Thanks, I was not aware of this. _______________________________________________ vdsm-devel mailing list vdsm-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/vdsm-devel
