#2 quiet logrotate warning by limiting logdir permissions
Opened 5 years ago by ttorcz. Modified 5 years ago
rpms/ ttorcz/nfs-ganesha master  into  master

This change fixes the following error from logrotate:
error: skipping "/var/log/ganesha/ganesha.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root"). Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
An alternative fix is to add "su root ganesha" to the logrotate snippet.

This bug appeared in downstream distribution, too: https://bugzilla.redhat.com/show_bug.cgi?id=1559801

I'm kind-of leaning towards adding the "su ganesha ganesha" command, as I'm not completely sure what depends on that being group writable. I don't have a huge preference, however.

Both solutions are fine. Changing the directory permission needs fewer changes, but patching logrotate configuration will fix the bug, too.

su root ganesha or su ganesha ganesha ?

We changed this from (0755,ganesha,ganesha) to (0775,ganesha,root) in https://github.com/nfs-ganesha/nfs-ganesha/commit/40ee79dbf4233d9869b8c4fda06f9fe9dc25fc50 after a long discussion with the selinux devs about the correct values and I'm reluctant to revert it without a better understanding of the selinux implications, if any. (And don't forget, we have an RFE to run ganesha as non-root, which may have further implications.)

As such my preference would be to add the su root ganesha to the logrotate snippet.

In the diff, the line being changed is:

%dir %attr(0755,ganesha,ganesha) %{_localstatedir}/log/ganesha

Either this needs to be fixed to (0755,ganesha,root) or the logrotate needs to be su ganesha ganesha.
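
Added example, not part of this pull request or of the nfs-ganesha packaging: a small checker that parses a spec `%attr(mode,user,group)` line and applies the rule spelled out in the logrotate error quoted above (parent directory is world writable, or writable by a group that is not "root") for a config with no `su` directive. The function names are hypothetical, the group name "root" is assumed to be gid 0, and the last two sample lines are constructed.

```python
import re
import stat

# %attr(<octal mode>,<user>,<group>) as written on %dir/%files lines of a spec.
# Lines using "-" for a default value are not handled and raise ValueError.
ATTR_RE = re.compile(r"%attr\(\s*([0-7]{3,4})\s*,\s*([^,\s]+)\s*,\s*([^)\s]+)\s*\)")


def insecure_reason(mode, group):
    """Return why logrotate (no "su" directive) would skip logs under a
    directory with this mode and group, or None if the rule is satisfied.
    Assumption: the group named "root" is gid 0."""
    if mode & stat.S_IWOTH:
        return "world writable"
    if mode & stat.S_IWGRP and group != "root":
        return 'writable by group "%s", which is not "root"' % group
    return None


def check_spec_line(line):
    """Parse one spec line and return (mode, user, group, reason)."""
    m = ATTR_RE.search(line)
    if m is None:
        raise ValueError("no %attr(mode,user,group) on line: " + line)
    mode, user, group = int(m.group(1), 8), m.group(2), m.group(3)
    return mode, user, group, insecure_reason(mode, group)


if __name__ == "__main__":
    # The first two tuples are the ones named in the thread; the last two
    # are constructed to show both failing branches of the rule.
    samples = [
        "%dir %attr(0755,ganesha,ganesha) %{_localstatedir}/log/ganesha",
        "%dir %attr(0775,ganesha,root) %{_localstatedir}/log/ganesha",
        "%dir %attr(0775,ganesha,ganesha) %{_localstatedir}/log/ganesha",
        "%dir %attr(0777,root,root) %{_localstatedir}/log/ganesha",
    ]
    for s in samples:
        mode, user, group, reason = check_spec_line(s)
        print("%04o %s:%s -> %s" % (mode, user, group, reason or "accepted"))
```

The rule only looks at the directory's mode bits and group, so the directory owner does not change the result.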