FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 09-19-2012, 04:11 PM
Meike Stone
 
Default let logrotate create an new empty file?

Hello dear list,

I've a problem with creation of a logfile in /var/log.

I have running a cronjob with a script, that should log in a file
under /var/log/. (using logger is not possible) The script is running
under a normal user.
Logrotate should care for filesize and pack them.

My Problem is, that the script is not allowed (because of insufficient
rights) to create a logfile under /var/log on it own.

So I thought, that logrotate can do this for me and set the
permissions that the user can write (statement: create 644 user root).
But thats wrong.

Logrotate creates only an empty file if it rotated the file before.
Also using the option "nomissingok" does not work, because it only
throws (as the man says) an error message (instead of create the file).

Also to use a logrotate script ("prerotate" or "firstaction") like:
/bin/touch /var/log/script.log
/bin/chown user.root /var/log/script.log
/bin/chmod 640 /var/log/script.log

is not possible, because the actions are only executed if the
conditions are fulfilled for rotation..

So anyone has an idea to create the logfile?

Many thanks in advance

Meike


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/CAFNHiA_0xi=QZvd4n-qcEyvY=FYC-dXGZrnmZwVJc73cDNZ1Kw@mail.gmail.com
 
Old 09-19-2012, 04:48 PM
Camaleón
 
Default let logrotate create an new empty file?

On Wed, 19 Sep 2012 18:11:55 +0200, Meike Stone wrote:

> I've a problem with creation of a logfile in /var/log.
>
> I have running a cronjob with a script, that should log in a file under
> /var/log/. (using logger is not possible) The script is running under a
> normal user.
> Logrotate should care for filesize and pack them.
>
> My Problem is, that the script is not allowed (because of insufficient
> rights) to create a logfile under /var/log on it own.

Sure:

sm01@stt008:~$ ls -la /var | grep log
drwxr-xr-x 12 root root 2784 sep 19 08:02 log

Only root user can write there unless you change the directory
permissions.

(...)

> So anyone has an idea to create the logfile?

As it seems you can't use use the syslog facility, how about storing the
log files anywhere under the user home directory and instruct logrotate
to find the files there? Once they are created you can move them to a
different place by means of an automated job :-?

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/k3ct0o$s2t$13@ger.gmane.org
 
Old 09-20-2012, 12:55 AM
lee
 
Default let logrotate create an new empty file?

Meike Stone <meike.stone@gmail.com> writes:

> So anyone has an idea to create the logfile?

touch /var/log/logfile
chown user:user /var/log/logfile
chmod u+rw /var/log/logfile # probably not needed


>From your explanations, I understand that logrotate would create the
file if logrotate rotates the file, which requires the file to exist in
the first place, so create it manually and let logrotate rotate and
create the file in the future. Does that work? (This somewhat ignores
issues with file permissions that may exist.)


--
Debian testing amd64


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 87pq5hjywa.fsf@yun.yagibdah.de">http://lists.debian.org/87pq5hjywa.fsf@yun.yagibdah.de
 
Old 09-21-2012, 11:55 AM
Meike Stone
 
Default let logrotate create an new empty file?

> >From your explanations, I understand that logrotate would create the
> file if logrotate rotates the file, which requires the file to exist in
> the first place, so create it manually and let logrotate rotate and
> create the file in the future. Does that work? (This somewhat ignores
> issues with file permissions that may exist.)

Yes, this works, but I don't want to create this with an extra command,
because the application (script) delivers the own crontab (/etc/cron.d/ and
own logrotate (etc/logrotate.d) file.
I thought this is enough and that logrotate is going to create the logfile with
the right permissions.

So maybe I overlook something in the configuration from logrotate?
If it is not possible, so I have to use "install" or "touch,chmod/chown" ...

Meike


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CAFNHiA-VxT9dFVz7HR+Ccptu2PG0M6iwbyTvLq8m312G+U1DGg@mail.g mail.com">http://lists.debian.org/CAFNHiA-VxT9dFVz7HR+Ccptu2PG0M6iwbyTvLq8m312G+U1DGg@mail.g mail.com
 
Old 09-21-2012, 03:54 PM
Camaleón
 
Default let logrotate create an new empty file?

On Fri, 21 Sep 2012 13:55:33 +0200, Meike Stone wrote:

>> >From your explanations, I understand that logrotate would create the
>> file if logrotate rotates the file, which requires the file to exist in
>> the first place, so create it manually and let logrotate rotate and
>> create the file in the future. Does that work? (This somewhat ignores
>> issues with file permissions that may exist.)
>
> Yes, this works, but I don't want to create this with an extra command,
> because the application (script) delivers the own crontab (/etc/cron.d/
> and own logrotate (etc/logrotate.d) file. I thought this is enough and
> that logrotate is going to create the logfile with the right
> permissions.

Logrotate can "rotate and store" the files and apply them the desired
perms but the script that "generates" the files is not allowed to write
under the usual "/var/log/*" directory unless this is done with root
perms (or by means of "sudo").

> So maybe I overlook something in the configuration from logrotate? If it
> is not possible, so I have to use "install" or "touch,chmod/chown" ...

You simple place the log files in a different place where the user that
creates the files has write perms or accomodate the "/var/log/
your_application/*" directory permissions.

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/k3i2kb$oni$8@ger.gmane.org
 
Old 09-23-2012, 05:16 PM
lee
 
Default let logrotate create an new empty file?

Meike Stone <meike.stone@gmail.com> writes:

>> >From your explanations, I understand that logrotate would create the
>> file if logrotate rotates the file, which requires the file to exist in
>> the first place, so create it manually and let logrotate rotate and
>> create the file in the future. Does that work? (This somewhat ignores
>> issues with file permissions that may exist.)
>
> Yes, this works, but I don't want to create this with an extra command,
> because the application (script) delivers the own crontab (/etc/cron.d/ and
> own logrotate (etc/logrotate.d) file.

And your script cannot simply touch the logfile to create it as well?


--
Debian testing amd64


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 87sja8ek1z.fsf@yun.yagibdah.de">http://lists.debian.org/87sja8ek1z.fsf@yun.yagibdah.de
 
Old 09-24-2012, 08:55 AM
Meike Stone
 
Default let logrotate create an new empty file?

>
> You simple place the log files in a different place where the user that
> creates the files has write perms or accomodate the "/var/log/
> your_application/*" directory permissions.
>
Yes I did this, and changed the rights to the user from the script:
mkdir /var/log/script
chown script.root /var/log/script
chmod 640 /var/log/script

But logrotate "complains":
=========================================
~# logrotate -d /etc/logrotate.d/script
reading config file /etc/logrotate.d/script
reading config info for /var/log/script/script.log

Handling 1 logs

rotating pattern: /var/log/script/escript.log
10485760 bytes (99 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/script/script.log
error: "/var/log/script" has insecure permissions. It must be owned and be
writable by root only to avoid security problems. Set the "su" directive in
the config file to tell logrotate which user/group should be used for rotation.

error: stat of /var/log/script/script.log failed: No such file or directory
================================================== ====

My goal was NOT create the logfile on my own (as root).
so now, the only ("true") solution is to create the file an change
the rights to user "script".

Logrotate is an great tool, but I thought it also can create the file
(instead of user who mostly has not sufficient rights), because
logrotate runs (ever) as root.
Would be a nice feature for an "comprehensive carefree package"of logrotate.

Thanks Meike


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/CAFNHiA9QP=VnQyA2-+5NcQu5CSpEBQ52gVG_pc+1Ww0RXYZDrw@mail.gmail.com
 
Old 09-24-2012, 02:49 PM
Camaleón
 
Default let logrotate create an new empty file?

On Mon, 24 Sep 2012 10:55:10 +0200, Meike Stone wrote:

>> You simple place the log files in a different place where the user that
>> creates the files has write perms or accomodate the "/var/log/
>> your_application/*" directory permissions.
>>
> Yes I did this, and changed the rights to the user from the script:
> mkdir /var/log/script
> chown script.root /var/log/script
> chmod 640 /var/log/script
>
> But logrotate "complains":
> =========================================
> ~# logrotate -d
> /etc/logrotate.d/script reading config file /etc/logrotate.d/script
> reading config info for /var/log/script/script.log
>
> Handling 1 logs
>
> rotating pattern: /var/log/script/escript.log
> 10485760 bytes (99 rotations)
> empty log files are not rotated, old logs are removed considering log
> /var/log/script/script.log error: "/var/log/script" has insecure
> permissions. It must be owned and be writable by root only to avoid
> security problems. Set the "su" directive in the config file to tell
> logrotate which user/group should be used for rotation.

You can omit the warning because you obviously should know beforehand the
security problems it can carry this operation, right? If so and you still
want to go that path, proceed with the suggested step by adding the su
variable at the logrotate config file.

> error: stat of /var/log/script/script.log failed: No such file or
> directory
> ================================================== ====
>
> My goal was NOT create the logfile on my own (as root). so now, the only
> ("true") solution is to create the file an change the rights to user
> "script".

(...)

The application you're running from the cron job has to create the log
file "automatically", not you nor logrotate.

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/k3pru5$e50$12@ger.gmane.org
 

Thread Tools




All times are GMT. The time now is 01:53 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org