On Monday 01 August 2011, Ludwig Nussel wrote:
Ruediger Meier wrote:
I would suggest to change logrotate config from "create 640 root root" to just "create" and to track these logfiles within /etc/permissions* too.
This would make things more generic, simple and consistent. What do you think?
The syslog daemon just needs to create the file with proper permissions in the first place. Involving /etc/permissions shouldn't be needed.
Yes, but IMO these permissions shouldn't be "hardcoded" defined in /etc/logrotate.d/ This is inconsistent because the first creation after installation is not managed by logrotate. I've mentioned two independent things to do: 1. To fix the inconsistency it would be enough to remove the mode/owner/group attributes from logrotate's create statements. In this case it will just use the permissions of the old rotated log file which should have the right permissions already. (This is a documented feature of logrotate). 2. Involving /etc/permissions is not needed but would be nice for the user to override default logfile permissions resistant over RPM updates or (de)install. Furthermore you could see these permissions at one place instead of several rpmspecs, postinstall scripts or wherever these log files are created at the first time. And also would be nice to have different log file permissions defined for the levels easy/secure/paranoid. Point 1. would just solve a bug. Point 2. is a nice feature which requires 1. to be solved. cu, Rudi -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org