RE: Logrotate for Sentora (Centos 6&7 Ubuntu & Debian)
03-16-2016, 12:35 AM
(This post was last modified: 03-16-2016, 01:15 AM by jbeaumont.)
Having some problems with this.
This is my apache logrotate. Slightly tweaked from the OP's:
Code:
/var/sentora/logs/domains/*/*access.log /var/sentora/logs/domains/*/*bandwidth.log /var/sentora/logs/domains/*/*error.log /var/sentora/logs/zpanel.log /var/sentora/logs/sentora*.log /var/sentora/logs/daemon*.log {
    weekly
    missingok
    rotate 4
    create 640 www-data www-data
    sharedscripts
    postrotate
        /etc/init.d/apache2 reload > /dev/null
    endscript
}
When I do a test run for this log with
Code:
logrotate -df /etc/logrotate/sentora-apache
I get lots of errors like this:
Code:
error: skipping "/var/sentora/logs/domains/reseller/somedomain.com-error.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
So I checked the permissions on the directory "reseller":
Code:
drwxrwxrwx 2 root root 4096 Mar 15 14:16 reseller
Ok, odd that it's owned by root:root and not www-data but since it's world writable I can see apache can make files in there.
But it gets weirder. The permissions on the files in the directory are all as such:
Code:
-rw-rw-r-- 1 root root 234 Jan 7 15:40 somedomain.com-error.log
They are owned by root with only root allowed to write to them. Yet apache is writing to them just fine. I checked that www-data is not in root's group.
AFAIK these are the defaults from the Sentora installation. I have not changed anything manually.
So two questions:
- What does the logrotate error really mean and how can I fix it without breaking Sentora?
- How is apache able to write to the log files when they are owned by root:root?
EDIT:
Solved my problem. Apparently when a rotate is run manually logrotate doesn't know who to run as to do the rotation and so it needs specifying in the config file. Now my config looks like this:
Code:
/var/sentora/logs/domains/*/*access.log /var/sentora/logs/domains/*/*bandwidth.log /var/sentora/logs/domains/*/*error.log /var/sentora/logs/zpanel.log /var/sentora/logs/sentora*.log /var/sentora/logs/daemon*.log {
    su root syslog
    weekly
    missingok
    rotate 4
    create 640 www-data www-data
    sharedscripts
    postrotate
        /etc/init.d/apache2 reload > /dev/null
    endscript
}
Rotate seems to be working fine and apache is writing to the new log files.
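An added example, not part of the original post: a shell check that lists every directory under a log root matching the condition worded in the logrotate error above (world-writable, or writable by a group other than root). The function name `insecure_log_dirs` is hypothetical, and the check follows the error text rather than logrotate's source.

```shell
#!/bin/sh
# Added example: list directories that match the condition in the logrotate
# error quoted above (world-writable, or group-writable by a non-root group).
# Usage (path taken from the post): sh check_log_dirs.sh /var/sentora/logs/domains

# Print one line per offending directory: "<reason><TAB><path>".
insecure_log_dirs() {
    root=$1
    # Candidates: any directory with the other-write or group-write bit set.
    find "$root" -type d \( -perm -0002 -o -perm -0020 \) |
    while IFS= read -r dir; do
        if [ -n "$(find "$dir" -maxdepth 0 -perm -0002)" ]; then
            # Anyone on the system can create, rename or delete entries here.
            printf 'world-writable\t%s\n' "$dir"
        else
            # Group-writable only: acceptable when the owning group is root (gid 0).
            gid=$(ls -ldn -- "$dir" | awk '{print $4}')
            if [ "$gid" != "0" ]; then
                printf 'group-writable(gid=%s)\t%s\n' "$gid" "$dir"
            fi
        fi
    done
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    insecure_log_dirs "$1"
fi
```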