Re: Debian 10 logrotate
On Wednesday 24 July 2019 21:04:13 Tan Shao Yi wrote:
> Hi Sven,
>
> Thank you for the explanation.
>
> I just wanted to add that when doing "systemctl edit
> logrotate.service", we also need to include the "[Service]" header
> before specifying ReadWritePaths.
>
> Thank you.
>
> Regards,
> Tan Shao Yi
>
> On 21/7/19, 5:55 PM, "Sven Joachim" <svenjoac@gmx.de> wrote:
>
> On 2019-07-21 02:42 +0000, Tan Shao Yi wrote:
> > I upgraded to Debian 10 recently and it looks like logrotate is
> > not working on files outside the /var directory:
>
> This is correct.
This is going to be a problem for me unless its fixable. My email logs
were moved to /home/me/log many years ago because I got tired of
fighting with somebody's idea of security denying fetchmail and procmail
rights to keep their logs in /var. Logrotate was easily fixed then. And
I believe its fixed for the stretch I'm running atm.
> > For example,
> >
> > Jul 21 00:00:01 server-name logrotate[8874]: error: error
> > renaming /usr/local/apache/logs/https-error_log.12.gz to
> > /usr/local/apache/logs/https-error_log.13.gz: Read-only file
> > system Jul 21 00:00:03 server-name logrotate[8874]: error:
> > unable to open /usr/local/backup/mysql/mysql.sql.1 for
> > compression
> >
> > The files are present, and I am able to logrotate them manually
> > as root when I run logrotate against the config files in
> > /etc/logrotate.d--it just fails when it is run automatically.
> >
> > May I know if something has changed recently to cause this?
>
> It is the ProtectSystem=full directive in logrotate.service which
> causes /usr to be mounted read-only for logrotate. See the SANDBOXING
> section in systemd.exec(5).
>
> You can make /usr/local writable with
> "systemctl edit logrotate.service", enter the following line:
>
> ReadWritePaths=/usr/local
>
> in your editor and you're done.
>
> Cheers,
> Sven
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
Reply to: