Hi Y'all,
We have nginx set up and we are having problems with logrotate. The permissions and users do not seem to be any different from other machines that are working ok however the /var/log/nginx does have a directory in there that we are using to collect some special log stuff.
Could this subdirectory be interfering with the logrotate process?
ta
Andrew
[root@ ~]# logrotate -d /etc/logrotate.d/nginx
reading config file /etc/logrotate.d/nginx
Handling 1 logs
rotating pattern: /var/log/nginx/*log after 1 days (10 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/nginx/access.log
error: skipping "/var/log/nginx/access.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
considering log /var/log/nginx/error.log
error: skipping "/var/log/nginx/error.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
On Sep 24, 2015, at 12:18 AM, Andrew Holway andrew.holway@gmail.com wrote:
error: skipping "/var/log/nginx/access.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
Right there ^^^ it is telling you what is wrong and how to fix it.
Actually, doing what logrotate suggests causes other problems. We don't have this problem on any other system so I am keen to understand the root of the issue rather than start messing around with the default permissions of the log directories.
logrotate only matches /var/log/nginx/*log - /var/log/nginx/access.log & /var/log/nginx/error.log
On the server where we have problems we have /var/log/nginx/subdirectory/some.other.log
On 24 September 2015 at 09:34, Jo Rhett jrhett@netconsonance.com wrote:
On Sep 24, 2015, at 12:18 AM, Andrew Holway andrew.holway@gmail.com wrote:
error: skipping "/var/log/nginx/access.log" because parent directory has insecure permissions (It's world writable or writable by group which is
not
"root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
Right there ^^^ it is telling you what is wrong and how to fix it.
-- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects.
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Hmm, so it seems that logrotate might be broken for nginx on Centos7. I filed a bug with epel.
https://bugzilla.redhat.com/show_bug.cgi?id=1266105
On 24 September 2015 at 11:49, Andrew Holway andrew.holway@gmail.com wrote:
Actually, doing what logrotate suggests causes other problems. We don't have this problem on any other system so I am keen to understand the root of the issue rather than start messing around with the default permissions of the log directories.
logrotate only matches /var/log/nginx/*log - /var/log/nginx/access.log & /var/log/nginx/error.log
On the server where we have problems we have /var/log/nginx/subdirectory/some.other.log
On 24 September 2015 at 09:34, Jo Rhett jrhett@netconsonance.com wrote:
On Sep 24, 2015, at 12:18 AM, Andrew Holway andrew.holway@gmail.com wrote:
error: skipping "/var/log/nginx/access.log" because parent directory has insecure permissions (It's world writable or writable by group which is
not
"root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
Right there ^^^ it is telling you what is wrong and how to fix it.
-- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects.
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
It’s interesting in your world, where “broken” is “functions exactly as it is documented to work”
If you want it to match subdirectories then you should add to the logrotate, or add another one yourself for each subdirectory. It’s not hard, and it’s certainly not broken. It does what you tell it to do.
On Sep 24, 2015, at 6:33 AM, Andrew Holway andrew.holway@gmail.com wrote:
Hmm, so it seems that logrotate might be broken for nginx on Centos7. I filed a bug with epel.
https://bugzilla.redhat.com/show_bug.cgi?id=1266105
On 24 September 2015 at 11:49, Andrew Holway andrew.holway@gmail.com wrote:
Actually, doing what logrotate suggests causes other problems. We don't have this problem on any other system so I am keen to understand the root of the issue rather than start messing around with the default permissions of the log directories.
logrotate only matches /var/log/nginx/*log - /var/log/nginx/access.log & /var/log/nginx/error.log
On the server where we have problems we have /var/log/nginx/subdirectory/some.other.log
On 24 September 2015 at 09:34, Jo Rhett jrhett@netconsonance.com wrote:
On Sep 24, 2015, at 12:18 AM, Andrew Holway andrew.holway@gmail.com wrote:
error: skipping "/var/log/nginx/access.log" because parent directory has insecure permissions (It's world writable or writable by group which is
not
"root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
Right there ^^^ it is telling you what is wrong and how to fix it.
-- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects.
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
I don't want it to match subdirectories. I just want it to rotate the standard, default, access and error logs which in this setup is not working correctly.
If you don't have anything useful to add other than trolling then please keep it to yourself.
On 24 September 2015 at 16:53, Jo Rhett jrhett@netconsonance.com wrote:
It’s interesting in your world, where “broken” is “functions exactly as it is documented to work”
If you want it to match subdirectories then you should add to the logrotate, or add another one yourself for each subdirectory. It’s not hard, and it’s certainly not broken. It does what you tell it to do.
On Sep 24, 2015, at 6:33 AM, Andrew Holway andrew.holway@gmail.com wrote:
Hmm, so it seems that logrotate might be broken for nginx on Centos7. I filed a bug with epel.
https://bugzilla.redhat.com/show_bug.cgi?id=1266105
On 24 September 2015 at 11:49, Andrew Holway andrew.holway@gmail.com wrote:
Actually, doing what logrotate suggests causes other problems. We don't have this problem on any other system so I am keen to understand the
root
of the issue rather than start messing around with the default
permissions
of the log directories.
logrotate only matches /var/log/nginx/*log - /var/log/nginx/access.log
&
/var/log/nginx/error.log
On the server where we have problems we have /var/log/nginx/subdirectory/some.other.log
On 24 September 2015 at 09:34, Jo Rhett jrhett@netconsonance.com
wrote:
On Sep 24, 2015, at 12:18 AM, Andrew Holway andrew.holway@gmail.com wrote:
error: skipping "/var/log/nginx/access.log" because parent directory
has
insecure permissions (It's world writable or writable by group which
is
not
"root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
Right there ^^^ it is telling you what is wrong and how to fix it.
-- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects.
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects.
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-
Andrew Holway -
Jo Rhett