New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Permissions check #580
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
logrotate
must not check any permissions, it is a tool just for rotating log files, so it must do the rotation only, dirs/files permissions are not the area of expertise oflogrotate
. I, as the system administrator, knows better what permissions my dirs/files should have.Real life example:
we have a website that writes its logs to some subdirectory, so this subdirectory must be writeable by web-server user. This site is served by Jenkins, so it must be writeable by
jenkins
user (to perform deployments, especially the first deployment when site dir is empty). Additionally, this site is maintained by a team of developers, so it must be writeable bydeveloper
group.To ensure this I set up POSIX ACLs:
And now when I try to use
logrotate
I get an error:I can not set
su
directive to something static becauselogs
dir can be created by:jenkins
user;Eventually
I don't understand why
logrotate
tells me something about permissions when it is running asroot
?Why does
logrotate
think it knows better what permissions my dirs/files should have ?What is the problem with just rotating the files and not checking anything else ???
Why do I need to reinvent a similar tool for rotation in such case if a standard tool
logrotate
already exists ?I think either permissions check should be removed from
logrotate
code, or some option (nopermissionscheck
) should be added to disable such checks. This is a real pain withlogrotate
.The text was updated successfully, but these errors were encountered: