I'm using munin 1.4.5 on OpenSUSE 11.4. Recently logrotate was updated to fix some permission issues, and afterwards it complained:
Mar 3 12:15:05 lucien logrotate: error: "/var/log/munin" has insecure permissions. It must be owned and be writable by root only to avoid security problems. Set the "su" directive in the config file to tell logrotate which user/group should be used for rotation.
Mar 3 12:15:05 lucien logrotate: error: error reading /var/log/munin/munin-html.log: Bad file descriptor
Mar 3 12:15:05 lucien logrotate: error: error reading /var/log/munin/munin-limits.log: Bad file descriptor
Mar 3 12:15:05 lucien logrotate: error: error reading /var/log/munin/munin-update.log: Bad file descriptor
Mar 3 12:15:05 lucien logrotate: error: error reading /var/log/munin/munin-graph.log: Bad file descriptor
Mar 3 12:15:05 lucien logrotate: error: error reading /var/log/munin/munin-node.log: Bad file descriptor
So I added su directives to /etc/logrotate.d/munin and /etc/logrotate.d/munin-node:
/var/log/munin/munin-html.log
/var/log/munin/munin-nagios.log
/var/log/munin/munin-limits.log
/var/log/munin/munin-update.log {
    su munin munin
    daily
    missingok
    rotate 7
    compress
    copytruncate
    notifempty
    create 640 munin munin
}
/var/log/munin/munin-graph.log {
    su munin www
    daily
    missingok
    rotate 7
    compress
    copytruncate
    notifempty
    create 660 munin www
}
/var/log/munin/munin-cgi-graph.log {
    su wwwrun munin
    daily
    missingok
    rotate 7
    compress
    copytruncate
    notifempty
    create 640 wwwrun www
}
/var/log/munin/munin-node.log {
    su munin munin
    daily
    missingok
    rotate 7
    compress
    copytruncate
    notifempty
    create 640 munin munin
}
Now logrotate no longer rotates.
Mar 5 12:15:05 lucien logrotate: error: error reading /var/log/munin/munin-html.log: Bad file descriptor
Mar 5 12:15:05 lucien logrotate: error: error reading /var/log/munin/munin-limits.log: Bad file descriptor
Mar 5 12:15:05 lucien logrotate: error: error reading /var/log/munin/munin-update.log: Bad file descriptor
Mar 5 12:15:05 lucien logrotate: error: error reading /var/log/munin/munin-graph.log: Bad file descriptor
Mar 5 12:15:05 lucien logrotate: error: error setting owner of /var/log/munin/munin-cgi-graph.log-20120305: Operation not permitted
Mar 5 12:15:05 lucien logrotate: error: error opening /var/log/munin/munin-node.log: Permission denied
An ls -la of /var/log/munin/ is here.
How can I get logrotate working with munin again?
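Answer 1
You have a mess of permissions in /var/log/munin and in your configuration file. Your files have different user/group pairs, and there are different group/pairs in the configuration.
You have 2 options to solve your problem:
- Use the default root:root permissions
- Specify the same user/group pair in all of your munin rules
First, you can reset the permissions recursively with chown: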
chown -R USER:GROUP /var/log/munin
After that, if you choose the second solution, you have to replace all su ... lines with this line:
su USER GROUP
If you choose the first solution, you have to remove all su ... lines entirely.
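The consistency check that Answer 1 describes can be automated. The Python lint below is an added example, not part of the original answers: it parses the stanzas from the question (reduced to their su and create lines) and reports stanzas whose su pair differs from the create pair, plus the distinct su pairs in use. The names parse and lint are made up for this illustration.

```python
import re

# Stanzas copied from the question, reduced to the su and create directives.
QUESTION_CONFIG = """\
/var/log/munin/munin-html.log
/var/log/munin/munin-nagios.log
/var/log/munin/munin-limits.log
/var/log/munin/munin-update.log {
    su munin munin
    create 640 munin munin
}
/var/log/munin/munin-graph.log {
    su munin www
    create 660 munin www
}
/var/log/munin/munin-cgi-graph.log {
    su wwwrun munin
    create 640 wwwrun www
}
/var/log/munin/munin-node.log {
    su munin munin
    create 640 munin munin
}
"""

STANZA = re.compile(r"([^{}]+)\{([^{}]*)\}")
SU = re.compile(r"^[ \t]*su[ \t]+(\S+)[ \t]+(\S+)[ \t]*$", re.M)
CREATE = re.compile(r"^[ \t]*create[ \t]+\d+[ \t]+(\S+)[ \t]+(\S+)[ \t]*$", re.M)

def parse(text):
    """Return [(paths, su_pair, create_pair)] per stanza; a pair is None if absent."""
    stanzas = []
    for paths, body in STANZA.findall(text):
        su, create = SU.search(body), CREATE.search(body)
        stanzas.append((paths.split(), su and su.groups(), create and create.groups()))
    return stanzas

def lint(text):
    """Report stanzas where su and create disagree, and all distinct su pairs."""
    stanzas = parse(text)
    # An unprivileged su user cannot chown new files to a different owner.
    mismatched = [paths for paths, su, cr in stanzas if su and cr and su != cr]
    distinct_su = sorted({su for _, su, _ in stanzas if su})
    return mismatched, distinct_su

if __name__ == "__main__":
    bad, pairs = lint(QUESTION_CONFIG)
    print("su/create mismatch:", bad)
    print("distinct su pairs:", pairs)
```

On the question's configuration it flags only the munin-cgi-graph.log stanza, the same file named in the "error setting owner" log line, and lists three distinct su pairs where Answer 1 asks for one.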
Answer 2
Run logrotate manually as root with "-d" (for debug), and you will see nice verbose output.
Answer 3
It turned out that this was a bug introduced in logrotate-3.7.9-6.9.1 and fixed in logrotate-3.7.9-6.12.1.