Univention Bugzilla – Bug 50971
logrotate should create new logfiles with permissions of "old" logfile
Last modified: 2020-03-17 15:24:02 CET
The permissions of files created by logrotations are controlled by the UCR Variable logrotate/create which is evaluated by /base/univention-lib/python/ucrLogrotate.py. This means that we are not able to set the permissions per logfile, we can only set the permissions for all logfiles to the same value.

We noticed this when enabling logrotation for radius_ntlm_auth.log in Bug #50545. The logfile is created with the permissions

-rw-r--r-- 1 root freerad 291 Jan 11 00:59 radius_ntlm_auth.log

After logrotation the permissions are set like this:

-rw-r----- 1 root adm 0 Jan 11 01:00 radius_ntlm_auth.log
-rw-r--r-- 1 root freerad 291 Jan 11 00:59 radius_ntlm_auth.log.1

since logrotate/create is set to "640 root adm" as default.

We should add the possibility to set the file permissions at logrotate creation per logfile.

WORKS-4-ME:

> logrotate/create: 640 root adm
> Configures mode, owner and group of a log file after rotation, e.g. '640 root adm'.

also works for individual sections like the other 'logrotate/$SECTION/....' variables.

# ls -ld /var/log/syslog
-rw-r----- 1 root adm 33068180 Mär 17 15:18 /var/log/syslog
# ucr set logrotate/syslog/create='644 root staff'
# grep -A4 /var/log/syslog /etc/logrotate.d/rsyslog
/var/log/syslog {
	daily
	rotate 84
	create 644 root staff
# logrotate --force /etc/logrotate.conf
# ls -ld /var/log/syslog
-rw-r--r-- 1 root staff 3513 Mär 17 15:20 /var/log/syslog
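
Added example, not part of the bug report or of Univention's code: a Python check that resolves the effective "create" value per logfile from logrotate configuration text (global default versus per-section override, as discussed above) and reports which logfiles would change mode, owner or group at the next rotation. The configuration text, the /var/log/example/ path and the function names are constructed for illustration.

```python
import re

# Constructed sample: a global default plus two stanzas, one with its own
# "create" (as produced by logrotate/syslog/create above) and one without.
SAMPLE_CONF = """\
create 640 root adm

/var/log/syslog {
    daily
    rotate 84
    create 644 root staff
}

/var/log/example/radius_ntlm_auth.log {
    weekly
    rotate 12
}
"""

CREATE_RE = re.compile(r"^create\s+(\d{3,4})\s+(\S+)\s+(\S+)$")


def effective_create(conf_text):
    """Map each log path to the (mode, owner, group) its stanza resolves to."""
    default, result, paths, override = None, {}, None, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        if line.endswith("{"):                # stanza start: one or more paths
            paths, override = line[:-1].split(), None
        elif line == "}" and paths is not None:
            for p in paths:                   # stanza end: override wins
                result[p] = override or default
            paths = None
        else:
            m = CREATE_RE.match(line)
            if m:
                value = (int(m.group(1), 8), m.group(2), m.group(3))
                if paths is None:
                    default = value           # global directive
                else:
                    override = value          # per-stanza directive
    return result


def rotation_drift(conf_text, current):
    """Return {path: (before, after)} for logs whose attributes would change.
    Paths with no resolved create directive (None) are skipped."""
    eff = effective_create(conf_text)
    return {p: (cur, eff[p]) for p, cur in current.items()
            if eff.get(p) is not None and eff[p] != cur}
```

Feeding rotation_drift the current attributes from os.stat (with names resolved via the pwd and grp modules) flags cases like radius_ntlm_auth.log before the service group loses access.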