Re: Debian 10 logrotate

[Tan Shao Yi <tansy@tansy.org>]

Hi Sven,

Thank you for the explanation.

I just wanted to add that when doing "systemctl edit logrotate.service", we also need to include the "[Service]" header before specifying ReadWritePaths.

Thank you.

Regards,
Tan Shao Yi

On 21/7/19, 5:55 PM, "Sven Joachim" <svenjoac@gmx.de> wrote:

    On 2019-07-21 02:42 +0000, Tan Shao Yi wrote:
    
    > I upgraded to Debian 10 recently and it looks like logrotate is not
    > working on files outside the /var directory:
    
    This is correct.
    
    > For example,
    >
    > Jul 21 00:00:01 server-name logrotate[8874]: error: error renaming
    > /usr/local/apache/logs/https-error_log.12.gz to
    > /usr/local/apache/logs/https-error_log.13.gz: Read-only file system
    > Jul 21 00:00:03 server-name logrotate[8874]: error: unable to open /usr/local/backup/mysql/mysql.sql.1 for compression
    >
    > The files are present, and I am able to logrotate them manually as
    > root when I run logrotate against the config files in
    > /etc/logrotate.d--it just fails when it is run automatically.
    >
    > May I know if something has changed recently to cause this?
    
    It is the ProtectSystem=full directive in logrotate.service which causes
    /usr to be mounted read-only for logrotate.  See the SANDBOXING section
    in systemd.exec(5).
    
    You can make /usr/local writable with
    "systemctl edit logrotate.service", enter the following line:
    
    ReadWritePaths=/usr/local
    
    in your editor and you're done.
    
    Cheers,
           Sven