On Tue, Dec 06, 2011 at 01:21:09PM -0700, dann frazier wrote:
> On Fri, Dec 02, 2011 at 03:16:15PM +0800, Hunt Xu wrote:
> > Hi, all!
> > 
> > vdsm-logrotate kept reporting errors like "error: skipping
> > "/var/log/core/core.3150.1321682189.dump" because parent directory has
> > insecure permissions (It's world writable or writable by group which is
> > not "root") Set "su" directive in config file to tell logrotate which
> > user/group should be used for rotation."
> > 
> > This was caused by setting /var/log/core world-writable in vdsm.spec.in.
> > After I simply added "su root root" to the /var/log/core/*.dump rotation
> > configuration, it seems to be solved now.
> > 
> > So is this the way to fix the problem? Or any better else?
> 
> That is probably the correct solution - logrotate has recently changed
> to improve security. From Debian's /usr/share/doc/logrotate/NEWS.Debian.gz:
> 
> logrotate (3.8.0-1) experimental; urgency=low
> 
>   Please note that this update changes the behaviour of logrotate:
> 
>   Logrotate now skips directories which are world writable or writable 
>   by group which is not "root" unless the (new) "su" directive is used.

Thanks, I was not aware of this.
_______________________________________________
vdsm-devel mailing list
vdsm-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/vdsm-devel

Reply via email to