Automatic su to file/directory owner #419
Comments
@hkmaly Why so?
As I already mentioned, @mat-m, logrotate complains when it's supposed to rotate a file in a directory with "insecure" permissions (group/world writable by someone other than root). And for good reason: it would be possible to abuse that for an attack. The recommended workaround (directly in the error message) is to use the "su" directive in the config file to tell logrotate which user should be used for rotation ... but that's not possible in a situation where the same config file covers multiple directories, each writable by a different group, using a single wildcard expression (like
It does not on my side. I apply logrotate on oracle logs, which folder has
And is it writable by the oracle group? The relevant part of the code is right here: Lines 1364 to 1373 in eb7ec2b
Do you really need the sample of the error message?
The proposal makes sense to me.
OK, my bad, I thought my folders were group-writable, but they're not.
Would it be possible to specify a directive working like su, but instead of using the provided user and group it would use the user and group of the rotated file and/or the directory the file is in?
The idea is, obviously, that a single wildcard would match multiple files, each of those possibly having a different group (and without the "su" triggering the "because parent directory has insecure permissions" error).
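The condition described in the comments (a parent directory that is world-writable, or group-writable by a group other than root) can be checked ahead of time for every directory a wildcard matches. The following is an added example, not logrotate's code and not from the thread; the function names are hypothetical, and reporting the directory's owner as the candidate for `su` is an assumption.

```python
import glob
import os
import stat
import sys
from collections import defaultdict


def parent_is_insecure(mode, gid):
    """Condition as described in the thread: the directory is world-writable,
    or group-writable by a group other than root (gid 0)."""
    return bool(mode & stat.S_IWOTH) or (bool(mode & stat.S_IWGRP) and gid != 0)


def audit(pattern):
    """Group the files a wildcard matches by parent directory and record,
    per directory, its mode, owner and whether it would be flagged."""
    by_dir = defaultdict(list)
    for path in sorted(glob.glob(pattern)):
        if os.path.isfile(path):
            by_dir[os.path.dirname(path) or "."].append(path)
    report = []
    for directory, files in sorted(by_dir.items()):
        st = os.stat(directory)
        report.append({
            "dir": directory,
            "files": files,
            "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid,
            "gid": st.st_gid,
            "insecure": parent_is_insecure(st.st_mode, st.st_gid),
        })
    return report


def owners_needing_su(report):
    """Distinct (uid, gid) pairs of flagged directories. More than one pair
    means a single static `su user group` line cannot cover the wildcard.
    Using the directory's owner here is an assumption of this example."""
    return {(r["uid"], r["gid"]) for r in report if r["insecure"]}


if __name__ == "__main__" and len(sys.argv) == 2:
    rows = audit(sys.argv[1])
    for r in rows:
        state = "INSECURE" if r["insecure"] else "ok"
        print(f'{state:8} {r["mode"]:04o} uid={r["uid"]} gid={r["gid"]} {r["dir"]}')
    print("distinct owners needing su:", len(owners_needing_su(rows)))
```

Quote the wildcard when passing it as the argument so that the shell does not expand it first.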