From: Mick
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] logrotate: /var/log/portage/elog "insecure permissions"?
Date: Tue, 9 Aug 2011 21:13:15 +0100

On Sunday 07 Aug 2011 16:20:18 Florian Philipp wrote:
> On 07.08.2011 02:22, Mick wrote:
> > On Friday 05 Aug 2011 23:08:38 Neil Bothwick wrote:
> >> On Fri, 05 Aug 2011 17:59:00 +0200, Florian Philipp wrote:
> >>> Yes, this was introduced in 3.8.0 to fix security issues [1]. Change
> >>> your config to look like this:
> >>> /var/log/portage/elog/summary.log {
> >>>     su portage portage
> >>>     ...
> >>> }
> >>>
> >>> Disclaimer: I've not really tried this (yet) but I think I'm able to
> >>> read changelogs and man-pages. ;-)
> >>
> >> Yes that fixes it. The latest portage ebuilds include an updated config
> >> file.
> >
> > Hmm ... it still complains here!
> >
> > error: error setting owner of /var/log/portage/elog/summary.log-20110801.gz: Operation not permitted
> >
> >
> > This is my /etc/logrotate.d/elog-save-summary:
> > ===================================
> > /var/log/portage/elog/summary.log {
> >
> >     su portage portage
> >
> >     missingok
> >     nocreate
> >     delaycompress
> >
> > }
> > ===================================
> >
> > # ls -la /var/log/portage/elog/summary.log
> > -rw-rw-r-- 1 root portage 4326 Aug 6 09:44 /var/log/portage/elog/summary.log
> >
> > Can you see anything amiss?
>
> At least on my system, /var/log/portage has the following permissions:
> drwxr-xr-x root root
>
> Only root can write, therefore the config must read
>
> /var/log/portage/elog/summary.log {
>     su root portage
>     missingok
>     nocreate
>     delaycompress
> }
>
> Hope this helps,
> Florian Philipp

Thanks for this Florian,

It is interesting that two of my machines actually are set up like this:

drwxrws--- 2 portage portage 240 Aug 9 21:07 elog

and /var/log/portage is also set up like this:

drwxrws--- 4 portage portage 7152 Aug 7 18:04 portage

However, I can't remember if I set it up like that myself (these are old
machines). The latest and newest installation on a third box looks just like
yours.

-- 
Regards,
Mick
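
The following is an added example, not part of the mail thread or of logrotate itself. It applies the rule worded in logrotate's "insecure permissions" error (parent directory world-writable, or writable by a group other than root) to the two directory layouts quoted above. It assumes GNU `stat`; the function names and the `su` heuristic are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. Modes in the comments are taken from
# the directory listings quoted in the mail above.

# dir_is_insecure MODE GID
# Rule as worded in logrotate's "insecure permissions" error: the parent
# directory is world-writable, or writable by a group other than root.
# MODE is the octal string printed by `stat -c %a`; GID is the numeric group.
dir_is_insecure() {
    perm=$(( 0$1 ))
    [ $(( perm & 0002 )) -ne 0 ] && return 0
    [ $(( perm & 0020 )) -ne 0 ] && [ "$2" -ne 0 ] && return 0
    return 1
}

# log_dir_insecure LOGFILE: apply the rule to the log's parent directory.
log_dir_insecure() {
    d=$(dirname -- "$1")
    dir_is_insecure "$(stat -c %a -- "$d")" "$(stat -c %g -- "$d")"
}

# su_hint LOGFILE: candidate directive following Florian's reasoning above:
# user = owner of the directory (who can create the rotated file),
# group = group of the existing log. A heuristic (assumption); verify it
# with `logrotate -d` before relying on it.
su_hint() {
    d=$(dirname -- "$1")
    echo "su $(stat -c %U -- "$d") $(stat -c %G -- "$1")"
}

# drwxrws--- portage:portage (2770, non-root gid) -> insecure, needs "su"
# drwxr-xr-x root:root       (755, gid 0)         -> passes the check
if [ "$#" -gt 0 ]; then
    if log_dir_insecure "$1"; then
        echo "$(dirname -- "$1"): insecure parent directory for logrotate"
    else
        echo "$(dirname -- "$1"): parent directory passes the check"
    fi
    su_hint "$1"
fi
```

Run it with the log path as its only argument, for example `/var/log/portage/elog/summary.log`.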