logrotate error



ecanmaster
14-Jul-2015, 10:07
I am getting daily errors from logrotate.
These are not serious errors, but I still want to get rid of them.
Here is the error I get in /var/log/messages:


logrotate: error: stat of /var/log/news/news.crit failed: Permission denied
logrotate: error: stat of /var/log/news/news.err failed: Permission denied
logrotate: error: stat of /var/log/news/news.notice failed: Permission denied

Here is my /etc/logrotate.conf:


cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress

# comment these to switch compression to use gzip or another
# compression scheme
compresscmd /usr/bin/bzip2
uncompresscmd /usr/bin/bunzip2

# former versions had to have the compressext set accordingly
#compressext .bz2

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
#/var/log/wtmp {
# monthly
# create 0664 root utmp
# minsize 1M
# rotate 1
#}
#
# /var/log/btmp {
# missingok
# monthly
# create 0600 root utmp
# rotate 1
#}

# system-specific logs may be also be configured here.



debugging:
logrotate -v /etc/logrotate.conf


rotating pattern: /var/log/news/news.crit /var/log/news/news.err /var/log/news/news.notice 4194304 bytes (99 rotations)
empty log files are not rotated, old logs are removed
switching euid to 9 and egid to 13
considering log /var/log/news/news.crit
error: stat of /var/log/news/news.crit failed: Permission denied
considering log /var/log/news/news.err
error: stat of /var/log/news/news.err failed: Permission denied
considering log /var/log/news/news.notice
error: stat of /var/log/news/news.notice failed: Permission denied
switching euid to 0 and egid to 0


Permissions of the files:


-rw------- 1 news news 0 2012-05-14 14:29 news.crit
-rw------- 1 news news 0 2012-05-14 14:29 news.err
-rw------- 1 news news 0 2012-05-14 14:29 news.notice


I noticed this in the debug:
switching euid to 9 and egid to 13

There is no configuration set to change the permissions, so why is it doing this?
EUID means effective UID, but I am not sure what 9 means.
This looks like the root cause, but how do I deal with it?

ecanmaster
14-Jul-2015, 10:24
Found out the effective (real) UID and EGID 13:


news:x:9:13:News system:/etc/news:/bin/bash


So the user and group are news, which are the permissions on that folder/directory.

EUID is the real name for the user (which is a number):
At the lowest level of the operating system, the kernel, users and groups aren't identified by names, but by numbers.

But still, why is it switching?

ecanmaster
14-Jul-2015, 10:37
I found the solution.
I did sudo su to news and tried to cd to /var/log/news.
I got permission denied, and after changing the directory permissions to 700 (was 600),
I could log in and the debug output looks fine now:



rotating pattern: /var/log/news/news.crit /var/log/news/news.err /var/log/news/news.notice 4194304 bytes (99 rotations)
empty log files are not rotated, old logs are removed
switching euid to 9 and egid to 13
considering log /var/log/news/news.crit
log does not need rotating
considering log /var/log/news/news.err
log does not need rotating
considering log /var/log/news/news.notice
log does not need rotating
not running postrotate script, since no logs were rotated
switching euid to 0 and egid to 0
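
Added example (not part of the thread, and not logrotate's own code): a Python sketch of the permission check behind the error above. Stat'ing a file needs search (x) permission on every parent directory, and root bypasses that check, so the failure only appears once logrotate switches to euid 9. The function names, the constructed stat table, and the assumption that /var/log/news is owned by news (9:13) are illustrative.

```python
import posixpath
import stat
from types import SimpleNamespace

def has_search(st, uid, gids):
    """True if uid/gids may traverse the directory described by st."""
    if uid == 0:
        return True  # root normally bypasses directory search checks on Linux
    if st.st_uid == uid:
        bit = stat.S_IXUSR  # only the owner class is consulted for the owner
    elif st.st_gid in gids:
        bit = stat.S_IXGRP
    else:
        bit = stat.S_IXOTH
    return bool(st.st_mode & bit)

def first_blocking_dir(path, uid, gids, stat_fn):
    """First ancestor directory of an absolute path that uid cannot search, else None."""
    current = "/"
    ancestors = [current]
    for part in posixpath.normpath(path).split("/")[1:-1]:
        current = posixpath.join(current, part)
        ancestors.append(current)
    for directory in ancestors:
        if not has_search(stat_fn(directory), uid, gids):
            return directory
    return None

def sample_stat(news_dir_mode):
    """Constructed stat table; /var/log/news owned by news (9:13) is an assumption."""
    root_dir = SimpleNamespace(st_mode=stat.S_IFDIR | 0o755, st_uid=0, st_gid=0)
    table = {d: root_dir for d in ("/", "/var", "/var/log")}
    table["/var/log/news"] = SimpleNamespace(
        st_mode=stat.S_IFDIR | news_dir_mode, st_uid=9, st_gid=13)
    return table.__getitem__

if __name__ == "__main__":
    log = "/var/log/news/news.crit"
    for uid, gids, mode in ((9, {13}, 0o600), (9, {13}, 0o700), (0, {0}, 0o600)):
        blocked = first_blocking_dir(log, uid, gids, sample_stat(mode))
        print(f"uid={uid} dir mode={mode:o}: {blocked or 'stat permitted'}")
```

Passing `os.stat` as `stat_fn` runs the same walk against a real filesystem.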

jmozdzen
14-Jul-2015, 10:52
Hi ecanmaster,

good to see you got it working (and thanks for telling *how*), so I'll only comment on an earlier question you gave:

> there is no configuration set to change the permissions, why is it doing this ?

The answer can be found implicitly in the following part of your logrotate.conf:


# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

grep'ing for "news.crit" in the files of that directory, I'm sure you'll find a section concerning creation of these files (most likely in /etc/logrotate.d/syslog) with uid/gid "news" :)

Regards,
Jens

ecanmaster
14-Jul-2015, 14:46
thx Jens!!!!
I was looking for that information and now I know exactly what it is doing:



/var/log/news/news.crit /var/log/news/news.err /var/log/news/news.notice {
compress
dateext
maxage 365
rotate 99
missingok
notifempty
size +4096k
su news news
create 640 news news
sharedscripts
postrotate 99
/etc/init.d/syslog reload > /dev/null
endscript