PDA

View Full Version : How to configure syslog-ng/SLES to maintain file permissions



Flako000
30-May-2012, 21:31
Hello
Change the permissions of "/var/log/mail" (to access zabbix agent) using setfacl.
Everything is perfect until syslog-ng rotate the file, the new rotated, has permission by default.
Is there any way to configure syslog-ng or SLES to maintain the file permissions?

I am using SLES 1 - SP1, with syslog-ng-1.6.8-20.18 and Kernel 2.6.16.46-0.14

You put a script in cron, I can not think of anything else.

Thanks for being up here. (my bad English is due to my inability to properly use google translate)

ab
30-May-2012, 21:41
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If logrotate is doing the file rotation I think you can fix this with
the following (from the `man 5 logrotate` stuff:

create mode owner group
Immediately after rotation (before the postrotate script is run)
the log file is created (with the same name as the log file just
rotated). mode specifies the mode for the log file in octal (the same
as chmod(2)), owner specifies the user name who will own the log file,
and group specifies the group the log file will belong to. Any of the
log file attributes may be omitted, in which case those attributes for
the new file will use the same values as the original log file for the
omitted attributes. This option can be disabled using the nocreate option.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPxoYCAAoJEF+XTK08PnB5VukQALHzGICTbS 4dzhv1WYhA4rc4
ZIF9XaUbo57JqAP6x9RrjoTP6ORjeBqu3Xg7slXhRg9k+266Rn XTtekQr/YSXm7M
IPS9aBsmH5lTbiM7I/6qYgoNHm8dM1S8yg6QdAuAEVeb5dN5D1UCTNexoo306mjf
sA2ngYGkh+CH3VmE6jHwPJGbAnlC3WkgRr/KrPVZelsfEHJ2oSAKPW+jdsA9MPTi
tzHuWVVs7a0gNiWvamMeHex4I1o4HsLlKaaObjEL7XOCnvqH8s bkl+/5Bd/GNt1a
qCevuLFodB0+wVzaPVpTVLAS1nKEut96DdzIFM+nlBj0aQdNUO GAKGIkEKTjVwJR
7lKHZyV6KavkDiz39VZfHzdTNKXd7m4E+4ESrY+3+vCjd+AeZS TCBUCBgf9f6Hbd
iQIknNSoyHAt8/ro7h55vkgc+ut432XdTO35+ctF2ig4NO/mIon58YefmaWaHWnF
8OH+Xv3nIketFy1r0hmLRJDGHPsW62KtZHqrHU7CiQlXvj6PjX PFo8wz/MrunqGm
U6iWVFRCIUPJnRE+BE/Rf2PCe11whSU78WGN681P8abBRK7b25r9ZyThTfetvuYW
oSmlsvIRGK0jli26pgn9pxuZC/rohHyF6v5m/XntG4oIohMG1+jD3MP69KAEpCCv
9KDKrNyPssCzJbot7MO8
=ee0s
-----END PGP SIGNATURE-----

Flako000
30-May-2012, 22:25
Thanks Guest, Thanks for reading the man for me: (

Permits user, group, others saw in syslog-ng.conf, but does not work because what you lose is a acl.
But you helped me see the obvious, the command postrotate.
In /etc/logrotate.d/syslog placing

/var/log/mail /var/log/mail.info /var/log/mail.warn /var/log/mail.err {
...
create 640 root root
..
postrotate
/etc/init.d/syslog reload > /dev/null
/usr/bin/setfacl -m u:zabbix:r /var/log/mail
endscript

Was solved, thanks.