On Mon, Jul 04, 2005 at 06:20:24PM +0200, Sven 'Darkman' Michels wrote:
Hi there,
i noticed a "small" problem with logrotate (at least on SLES9): we've very restrictive rights for all our logfiles cause many of them contain sensitive informations. So we use 'create 0600 user group' to protect our logs. Now the problem: a rotated logfile (gzipped) has 644 and root.root permissions instead of the 'secure' ones. So we've a small security problem here. One way to fix this would be a postrotate script to fix the permissions, but is this really the way? I think if i use special permissions for my logs, they should applyed to the archives, too.
Did i miss something in the manpage(s) or is this the normal behavior? (didn't yet take a look into the source due to lack of time...)
A fix for this will be released with SLES 9 Service Pack 2 ... release very likely within the next week. Ciao, Marcus