Logrotate permissions and ownerships need adjusting #1456
Labels
Comments
|
thanks! I am fixing the permissions of the logrotate file. However, if |
ktsaou
added a commit
to ktsaou/netdata
that referenced
this issue
Dec 27, 2016
|
Dear Costa,
Have reverted the user and group ownership of /var/log/netdata and have
restarted netdata after deleting the existing log files. Works fine! :-)
I am now putting in this change on my other Linux systems. Thanks.
Regards,
Jeffrey Wong
…On Tue, Dec 27, 2016 at 11:29 AM, Costa Tsaousis ***@***.***> wrote:
thanks!
I am fixing the permissions of the logrotate file.
However, if /var/log/netdata is owned by root:root, netdata will not be
able to create files there. Just delete the logs and restart netdata.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#1456 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AGsyJsUY-t8YLfW9AgUdFdrUU9f9wQR6ks5rMWcJgaJpZM4LWdEY>
.
|
Merged
|
Dear Costa,
Apologies for the late testing of Debian Jessie, I got distracted earlier
today by work. Anyway, I have some unwelcome news when I set the
/var/log/netdata directory back to owner netdata, group netdata, as follows:
+ logrotate -f /etc/logrotate.conf
error: skipping "/var/log/netdata/access.log" because parent directory has
insecure permissions (It's world writable or writable by group which is not
"root") Set "su" directive in config file to tell logrotate which
user/group should be used for rotation.
error: skipping "/var/log/netdata/debug.log" because parent directory has
insecure permissions (It's world writable or writable by group which is not
"root") Set "su" directive in config file to tell logrotate which
user/group should be used for rotation.
error: skipping "/var/log/netdata/error.log" because parent directory has
insecure permissions (It's world writable or writable by group which is not
"root") Set "su" directive in config file to tell logrotate which
user/group should be used for rotation.
So, I am leaving my Debian Jessie installations alone for now, with
/var/log/netdata set to root:root. Thanks.
Regards,
Jeffrey Wong
…On Tue, Dec 27, 2016 at 2:32 PM, Costa Tsaousis ***@***.***> wrote:
Closed #1456 <#1456> via #1458
<#1458>.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#1456 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AGsyJsd-Ov-olmiBmPMNuAJ_5mkQ46FLks5rMZIYgaJpZM4LWdEY>
.
|
|
Dear Costa,
As substantiation, please find the current test command sequences for
Debian Jessie. Thanks:
pi@raspberrypi3:~/Downloads $ sudo ./dj*.sh
+ chmod ugo-x /etc/logrotate.d/netdata
+ ls -ld /etc/logrotate.d/netdata
-rw-r--r-- 1 root root 196 Dec 9 00:12 /etc/logrotate.d/netdata
+ chown root /var/log/netdata
+ chgrp root /var/log/netdata
+ ls -ld /var/log/netdata
drwxrwxr-x 2 root root 4096 Dec 28 00:39 /var/log/netdata
+ ls -ld /var/log/netdata/access.log /var/log/netdata/debug.log
/var/log/netdata/error.log
-rw-r--r-- 1 netdata netdata 3951 Dec 28 00:43 /var/log/netdata/access.log
-rw-r--r-- 1 netdata netdata 0 Dec 28 00:39 /var/log/netdata/debug.log
-rw-r--r-- 1 netdata netdata 38194 Dec 28 00:40 /var/log/netdata/error.log
+ systemctl restart netdata
+ systemctl status netdata
● netdata.service - Real time performance monitoring
Loaded: loaded (/etc/systemd/system/netdata.service; enabled)
Active: active (running) since Wed 2016-12-28 00:44:18 PST; 24ms ago
Main PID: 573 (netdata)
CGroup: /system.slice/netdata.service
└─573 /usr/sbin/netdata -D
Dec 28 00:44:18 raspberrypi3 systemd[1]: Started Real time performance
monitoring.
+ logrotate -f /etc/logrotate.conf
+ sleep 60
+ logrotate -f /etc/logrotate.conf
+ ls -ltr /var/log/netdata/access.log /var/log/netdata/access.log.1
/var/log/netdata/access.log.2.gz /var/log/netdata/debug.log
/var/log/netdata/error.log /var/log/netdata/error.log.1
-rw-r--r-- 1 netdata netdata 0 Dec 28 00:39 /var/log/netdata/debug.log
-rw-r--r-- 1 netdata netdata 592 Dec 28 00:44
/var/log/netdata/access.log.2.gz
-rw-r--r-- 1 netdata netdata 77403 Dec 28 00:44 /var/log/netdata/error.log.1
-rw-r--r-- 1 netdata netdata 1011 Dec 28 00:45
/var/log/netdata/access.log.1
-rw-r--r-- 1 netdata netdata 0 Dec 28 00:45 /var/log/netdata/access.log
-rw-r--r-- 1 netdata netdata 79 Dec 28 00:45 /var/log/netdata/error.log
+ exit 0
pi@raspberrypi3:~/Downloads $
Regards,
Jeffrey Wong
…On Wed, Dec 28, 2016 at 12:33 AM, Jeffrey Wong ***@***.***> wrote:
Dear Costa,
Apologies for the late testing of Debian Jessie, I got distracted earlier
today by work. Anyway, I have some unwelcome news when I set the
/var/log/netdata directory back to owner netdata, group netdata, as follows:
+ logrotate -f /etc/logrotate.conf
error: skipping "/var/log/netdata/access.log" because parent directory has
insecure permissions (It's world writable or writable by group which is not
"root") Set "su" directive in config file to tell logrotate which
user/group should be used for rotation.
error: skipping "/var/log/netdata/debug.log" because parent directory has
insecure permissions (It's world writable or writable by group which is not
"root") Set "su" directive in config file to tell logrotate which
user/group should be used for rotation.
error: skipping "/var/log/netdata/error.log" because parent directory has
insecure permissions (It's world writable or writable by group which is not
"root") Set "su" directive in config file to tell logrotate which
user/group should be used for rotation.
So, I am leaving my Debian Jessie installations alone for now, with
/var/log/netdata set to root:root. Thanks.
Regards,
Jeffrey Wong
On Tue, Dec 27, 2016 at 2:32 PM, Costa Tsaousis ***@***.***>
wrote:
> Closed #1456 <#1456> via #1458
> <#1458>.
>
> —
> You are receiving this because you authored the thread.
> Reply to this email directly, view it on GitHub
> <#1456 (comment)>, or mute
> the thread
> <https://github.com/notifications/unsubscribe-auth/AGsyJsd-Ov-olmiBmPMNuAJ_5mkQ46FLks5rMZIYgaJpZM4LWdEY>
> .
>
|
|
I think this will fix it: added line I tested here and it works. Can you test it? |
|
Dear Costa,
I will do so later today and get back to you then. Will that hopefully be
ok for you? Thanks.
Regards,
Jeffrey Wong
…On Wed, Dec 28, 2016 at 12:52 AM, Costa Tsaousis ***@***.***> wrote:
I think this will fix it:
/var/log/netdata/*.log {
su netdata netdata
daily
missingok
rotate 14
compress
delaycompress
notifempty
sharedscripts
postrotate
/bin/kill -HUP `pidof netdata 2>/dev/null` 2>/dev/null || true
endscript
}
added line su netdata netdata.
I tested here and it works.
Can you test it?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#1456 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AGsyJtrs1CNdeFSHpw3z2yi_4xks1thpks5rMiNegaJpZM4LWdEY>
.
|
ktsaou
added a commit
to ktsaou/netdata
that referenced
this issue
Dec 28, 2016
|
Yes it is ok. |
|
Check:
hm... I stopped. I think the best option is to set mode 0755 to |
ktsaou
added a commit
to ktsaou/netdata
that referenced
this issue
Dec 28, 2016
…ogrotate work; #fixes netdata#1456
|
I made another change. The directory will be owned by |
|
merged the change. |
|
Dear Costa,
Sorry for the delay, was busy.
Anyway, your change has worked 100% :-). Thanks for the quick response! :-)
Regards,
Jeffrey Wong
…On Wed, Dec 28, 2016 at 1:34 AM, Costa Tsaousis ***@***.***> wrote:
merged the change.
Just update your netdata and the installer will fix the permissions.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#1456 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AGsyJgGuLOEjawLDg_ffwdA8PcEBUuoVks5rMi03gaJpZM4LWdEY>
.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
Logrotate of the netdata logs was not working on my Debian systems (Debian Jessie, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, Elementary O/S Loki, Linux Mint Cinnamon 18) ntil I made the following adjustments:
sudo chmod ugo-x /etc/logrotate.d/netdata
sudo chown root /var/log/netdata
sudo chgrp root /var/log/netdata
Hope the above solution helps somebody. Thanks.
The text was updated successfully, but these errors were encountered: