После обновления logrotate от cron.daily стали приходить такие письма: =8<================================================================= error: skipping "/var/log/nginx/access.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/nginx/error.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/nginx/nginx.error.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation. =8<================================================================= лог-файлы при этом не ротируются.
Ну написал бы уже кто-нибудь менее глючный logrotate!
*** Bug 31622 has been marked as a duplicate of this bug. ***
Ну весь мир с ним живёт. Мне как админу было бы менее неудобно, если бы поведение logrotate совпадало с мэйнтримом. Сейчас, например, приходится делать разные декларации logrotate для ALT и Debian.
logrotate-3.9.1-alt2 -> sisyphus: * Tue Dec 15 2015 Dmitry V. Levin <ldv@altlinux> 3.9.1-alt2 - Apply ALT Secure Packaging Policy (closes: #31623).
logrotate-3.9.1-alt2. Про nginx ругань исчезла. Теперь приходит другая: =8<======================================================================= error: skipping "/var/log/uucp/Debug" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/uucp/Log" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/uucp/Stats" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/uucp/errors" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/uucp/info" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation. error: skipping "/var/log/uucp/warnings" because parent directory has insecure permissions (it's not owned by "root"); consider using "su" directive in config file to tell logrotate which user/group should be used for rotation. =8<======================================================================= права/владелец /var/log/uucp из пакета syslog-common не менялся: =8<======================================================================= drwxr-x--- 2 uucp adm 4096 Mar 14 2012 uucp =8<=======================================================================
Права на /var/log/uucp/ не соответствуют требованиям ALT Secure Packaging Policy. Довольно давно уже не соответствуют: * Thu May 10 2001 Stanislav Ievlev <inger@altlinux.ru> 1.4.1-alt1 - Up to 1.4.1. - Added patch from Owl. - Fixed parent process killing bug. - Chowned /var/log/uucp to uucp user.
К сожалению, без syslog-common (и соответственно без такой ругани) сейчас не обходятся postfix/openvpn/nut-server и, видимо, все реализации демона syslog.
*** Bug 31638 has been marked as a duplicate of this bug. ***
(In reply to comment #5) > error: skipping "/var/log/uucp/Debug" because parent directory has insecure > permissions (it's not owned by "root"); consider using "su" directive in config > file to tell logrotate which user/group should be used for rotation. Оставлю тут ссылку на Bug 31636 про uucp, чтобы искалось проще.
