
Re: Error with logrotate.



On Tuesday 13 August 2019 15:03:53 Lee wrote:

> On 8/13/19, Gene Heskett <gheskett@shentel.net> wrote:
> > On Tuesday 13 August 2019 02:24:34 deloptes wrote:
> >> Gene Heskett wrote:
> >> > It's good that we can fix it, BUT IF you are going to restrict
> >> > where we keep logfiles like this then FIX the /var/log perms so
> >> > that fetchmail, procmail, spamassassin, clamav and its ilk,
> >> > running as the user can access /var/log to keep its logs. 
> >> > Debian's legendary paranoia about who can write a log in /var/log
> >> > has long since forced most of us that want that log, into moving
> >> > it to /home/username/log and reprogramming logrotate to maintain
> >> > it there years ago.
> >>
> >> So why should a user be able to write in /var/log? It is the system's
> >> log directory, not the user's.
> >
> > I don't have a beef with that. My beef is that there has been no
> > effort to make it easy for the user to take care of his own logs,
> > and now systemd wants to disable housekeeping the only sensible
> > place for a user to keep his logs in. And I totally fail to see how
> > that level of paranoia can be justified.
> >
> >> I am not aware of any program I've been using
> >> for the past 15y that would have a problem writing in /var/log
> >
> > Then tell me how fetchmail, procmail, clamav or spamd running as me,
> > can keep their logs in /var/log, the permissions just aren't there
> > after a reboot.
>
> I had the same problem with /var/log file permissions being reset so,
> for bind, I made a /var/log/bind, set the permissions on the directory
> & changed bind to log to /var/log/bind/named.log
>
I don't use bind, haven't touched it since it was attacked at RH6.2, in 
what, 2001? decade+ ago. I don't even think it's installed. Yes it is, but 
it's not running. In that case I sensed something wrong and rebooted the 
machine before he could clean up his tracks, then kept a list as I 
housecleaned, and sent it to his ISP along with a nastygram. 10 minutes 
later his address disappeared from the logs, never to appear again.  
Since then I've only run hosts-based systems: dnsmasq in the router, no 
avahi or dhcp findable, & the only dns address in any machine this side 
of the router is the router. If the router doesn't have it in the cache, 
it queries the ISP.  It's all attack-proof, and it all Just Works.

There's lots of ways to skin that cat, but I always start by making sure 
it's well and truly dead. :)

> ^shrug^ probably not The Right Way To Do It, but it works & I'm happy.

Didn't work here, didn't dig deep enough to find out why. I maybe could 
have made it work, but since it was my logs, why not just move them to 
~/log?  So I did, but stretch's renewed paranoia just had to screw 
something up. Hopefully these changes will work.

> If you make a /var/log/mail & configure fetchmail, procmail, etc. to
> log there it'll probably work
>
> Regards,
> Lee


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
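Added example, not from anyone in this thread and not Debian's or logrotate's own files: the two approaches the thread discusses, written out as a shell script. Approach 1 is Gene's (logs under ~/log, the user runs logrotate from their own crontab with a private state file); approach 2 is Lee's (a daemon-owned subdirectory under /var/log rotated by root's normal logrotate run, which needs an `su` line in the stanza). The names ~/log, ~/.logrotate.conf, ~/.logrotate.state, /var/log/bind and the user/group `bind` are assumptions, and `stat -c` is GNU coreutils.

```shell
#!/bin/sh
# Added example: two ways to keep logrotate happy with logs that are not
# root's, matching the thread above. Assumed names: ~/log as the user's
# log directory, ~/.logrotate.conf and ~/.logrotate.state for the user's
# own logrotate files, and /var/log/bind owned by user/group "bind".
set -eu

# Approach 1 (Gene's): logs live in ~/log and the USER runs logrotate.
# logrotate needs its own state file here, otherwise it tries to write
# /var/lib/logrotate/status, which a normal user cannot do.
write_user_logrotate_conf() {
    logdir="$1"   # e.g. $HOME/log
    conf="$2"     # e.g. $HOME/.logrotate.conf
    cat > "$conf" <<EOF
# Per-user logrotate config (constructed example)
$logdir/*.log {
    weekly
    rotate 4
    missingok
    notifempty
    compress
    delaycompress
    create 0600
}
EOF
}

# Run it as the user. The same line in 'crontab -e' runs it daily:
#   @daily logrotate --state $HOME/.logrotate.state $HOME/.logrotate.conf
run_user_logrotate() {
    conf="$1"
    state="$2"
    logrotate --state "$state" "$conf"
}

# Approach 2 (Lee's): a daemon-owned subdirectory under /var/log, rotated
# by root's normal logrotate run. logrotate 3.8 and later refuse to rotate
# logs in a directory they consider insecure (owned by a non-root user, or
# group/world writable) unless the stanza says which user/group to switch
# to, hence the 'su' line.
write_subdir_logrotate_conf() {
    logdir="$1"   # e.g. /var/log/bind
    owner="$2"    # e.g. bind
    group="$3"    # e.g. bind
    conf="$4"     # e.g. /etc/logrotate.d/bind-local
    cat > "$conf" <<EOF
# Subdirectory logrotate stanza (constructed example)
$logdir/*.log {
    su $owner $group
    weekly
    rotate 4
    missingok
    notifempty
    compress
    delaycompress
    create 0640 $owner $group
}
EOF
}

# Sanity check for approach 1: the user's log dir should be mode 0700 so
# other local users can't read the mail/spam logs. Uses GNU stat(1).
check_logdir_mode() {
    [ "$(stat -c '%a' "$1")" = "700" ]
}

# Demo when run as './script.sh demo' (rotation step skipped if logrotate
# is not installed). Everything happens in a throwaway directory.
if [ "${1:-}" = "demo" ]; then
    demo=$(mktemp -d)
    mkdir -m 700 "$demo/log"
    echo "constructed log line" > "$demo/log/fetchmail.log"
    write_user_logrotate_conf "$demo/log" "$demo/logrotate.conf"
    check_logdir_mode "$demo/log" && echo "log dir mode ok"
    if command -v logrotate >/dev/null 2>&1; then
        # -f forces a rotation now, -v shows what it does
        logrotate -fv --state "$demo/logrotate.state" "$demo/logrotate.conf"
        ls -l "$demo/log"
    fi
    rm -rf "$demo"
fi
```

The user-side approach needs no root involvement at all, which is the point: the state file and the config both live in the home directory, and the daemons (fetchmail, procmail, spamd, clamav) just need to be pointed at ~/log. The /var/log subdirectory approach survives a reboot only if the directory's ownership does; the `su` line is what stops root's logrotate from skipping a directory it does not own.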

