Logrotate issues with CentOS 7.1 packaged Kolab 3.4
Eric Renfro
psi-jack at linux-help.org
Wed Oct 28 01:16:31 CET 2015
So, after installing Kolab and after logrotate started actually sending me mail for root,
since it was not initially... I'm getting these emails nightly when logrotate runs:
/etc/cron.daily/logrotate:
error: skipping "/var/log/iRony/console" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/iRony/errors" because parent directory has insecure permissions
(It's world writable or writable by group which is not "root") Set "su" directive in config file
to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/iRony/imap" because parent directory has insecure permissions
(It's world writable or writable by group which is not "root") Set "su" directive in config file
to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/iRony/ldap" because parent directory has insecure permissions
(It's world writable or writable by group which is not "root") Set "su" directive in config file
to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/iRony/sendmail" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/iRony/sieve" because parent directory has insecure permissions
(It's world writable or writable by group which is not "root") Set "su" directive in config file
to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/iRony/smtp" because parent directory has insecure permissions
(It's world writable or writable by group which is not "root") Set "su" directive in config file
to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/iRony/sql" because parent directory has insecure permissions (It's
world writable or writable by group which is not "root") Set "su" directive in config file to
tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/iRony/userlogins" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/kolab-freebusy/freebusy.log" because parent directory has
insecure permissions (It's world writable or writable by group which is not "root") Set "su"
directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/kolab-syncroton/console" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/kolab-syncroton/errors" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/kolab-syncroton/imap" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/kolab-syncroton/ldap" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/kolab-syncroton/sendmail" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/kolab-syncroton/sieve" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/kolab-syncroton/smtp" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/kolab-syncroton/sql" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/kolab-syncroton/userlogins" because parent directory has
insecure permissions (It's world writable or writable by group which is not "root") Set "su"
directive in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/roundcubemail/console" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/roundcubemail/errors" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/roundcubemail/imap" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/roundcubemail/ldap" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/roundcubemail/sendmail" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/roundcubemail/sieve" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/roundcubemail/smtp" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/roundcubemail/sql" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
error: skipping "/var/log/roundcubemail/userlogins" because parent directory has insecure
permissions (It's world writable or writable by group which is not "root") Set "su" directive
in config file to tell logrotate which user/group should be used for rotation.
Looks like the packaged logrotate.d files for Kolab is broken, and needs some proper fine-
tuning.
For example:
/etc/logrotate.d/iRony:
/var/log/iRony/console /var/log/iRony/errors /var/log/iRony/imap /var/log/iRony/ldap
/var/log/iRony/sendmail /var/log/iRony/sieve /var/log/iRony/smtp /var/log/iRony/sql
/var/log/iRony/userlogins {
missingok
compress
notifempty
size 30k
create 0660 apache apache
}
Points to /var/log/iRony:
drwxrwx---. 2 apache apache 19 Oct 21 11:40 .
drwxr-xr-x. 20 root root 4096 Oct 27 11:10 ..
-rw-r--r--. 1 apache apache 197970 Oct 27 20:01 errors
So, technically it's correct in that these log files are writable to someone other than root,
because they're owned by the Apache user.
Since these files/directories are owned by apache:apache, the logrotate.d needs to
resemble that with a su line like so:
su apache apache
This insures that it's handled as the apache user, and removes these errors (or should, I'll
be trying it for tonight's run).
Eric Renfro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/users/attachments/20151027/b98cc41f/attachment.html>
More information about the users
mailing list