On Tue, Dec 06, 2011 at 01:21:09PM -0700, dann frazier wrote:
> On Fri, Dec 02, 2011 at 03:16:15PM +0800, Hunt Xu wrote:
> > Hi, all!
> > vdsm-logrotate kept reporting errors like "error: skipping
> > "/var/log/core/core.3150.1321682189.dump" because parent directory has
> > insecure permissions (It's world writable or writable by group which is
> > not "root") Set "su" directive in config file to tell logrotate which
> > user/group should be used for rotation."
> > This was caused by setting /var/log/core world-writable in vdsm.spec.in.
> > After I simply added "su root root" to the /var/log/core/*.dump rotation
> > configuration, it seems to be solved now.
> > So is this the way to fix the problem? Or any better else?
> That is probably the correct solution - logrotate has recently changed
> to improve security. From Debian's /usr/share/doc/logrotate/NEWS.Debian.gz:
> logrotate (3.8.0-1) experimental; urgency=low
> Please note that this update changes the behaviour of logrotate:
> Logrotate now skips directories which are world writable or writable
> by group which is not "root" unless the (new) "su" directive is used.
Thanks, I was not aware of this.
vdsm-devel mailing list