Re: Debian 10 logrotate

To: debian-user@lists.debian.org
Subject: Re: Debian 10 logrotate
From: Gene Heskett <gheskett@shentel.net>
Date: Thu, 25 Jul 2019 02:01:49 -0400
Message-id: <[🔎] 201907250201.49056.gheskett@shentel.net>
In-reply-to: <[🔎] C1D43B8E-6CA1-41EA-80E0-7231B4051DA2@tansy.org>
References: <[🔎] BB66D1AB-AF81-4B89-A6B6-1F5A7753BDD3@tansy.org> <[🔎] 87ftmzvhix.fsf@turtle.gmx.de> <[🔎] C1D43B8E-6CA1-41EA-80E0-7231B4051DA2@tansy.org>

On Wednesday 24 July 2019 21:04:13 Tan Shao Yi wrote:

> Hi Sven,
>
> Thank you for the explanation.
>
> I just wanted to add that when doing "systemctl edit
> logrotate.service", we also need to include the "[Service]" header
> before specifying ReadWritePaths.
>
> Thank you.
>
> Regards,
> Tan Shao Yi
>
> On 21/7/19, 5:55 PM, "Sven Joachim" <svenjoac@gmx.de> wrote:
>
>     On 2019-07-21 02:42 +0000, Tan Shao Yi wrote:
>     > I upgraded to Debian 10 recently and it looks like logrotate is
>     > not working on files outside the /var directory:
>
>     This is correct.

This is going to be a problem for me unless its fixable. My email logs 
were moved to /home/me/log many years ago because I got tired of 
fighting with somebody's idea of security denying fetchmail and procmail 
rights to keep their logs in /var. Logrotate was easily fixed then. And 
I believe its fixed for the stretch I'm running atm.


>     > For example,
>     >
>     > Jul 21 00:00:01 server-name logrotate[8874]: error: error
>     > renaming /usr/local/apache/logs/https-error_log.12.gz to
>     > /usr/local/apache/logs/https-error_log.13.gz: Read-only file
>     > system Jul 21 00:00:03 server-name logrotate[8874]: error:
>     > unable to open /usr/local/backup/mysql/mysql.sql.1 for
>     > compression
>     >
>     > The files are present, and I am able to logrotate them manually
>     > as root when I run logrotate against the config files in
>     > /etc/logrotate.d--it just fails when it is run automatically.
>     >
>     > May I know if something has changed recently to cause this?
>
>     It is the ProtectSystem=full directive in logrotate.service which
> causes /usr to be mounted read-only for logrotate.  See the SANDBOXING
> section in systemd.exec(5).
>
>     You can make /usr/local writable with
>     "systemctl edit logrotate.service", enter the following line:
>
>     ReadWritePaths=/usr/local
>
>     in your editor and you're done.
>
>     Cheers,
>            Sven


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

Reply to:

References:
- Debian 10 logrotate
  - From: Tan Shao Yi <tansy@tansy.org>
- Re: Debian 10 logrotate
  - From: Sven Joachim <svenjoac@gmx.de>
- Re: Debian 10 logrotate
  - From: Tan Shao Yi <tansy@tansy.org>

Prev by Date: Re: column - how to get it updated?
Next by Date: Re: buster, ekiga.
Previous by thread: Re: Debian 10 logrotate
Next by thread: I Can't use adminer
Index(es):
- Date
- Thread