From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-126677-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1QqsgS-0003bq-M2
	for garchives@archives.gentoo.org; Tue, 09 Aug 2011 20:13:53 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 0943521C18A;
	Tue,  9 Aug 2011 20:13:38 +0000 (UTC)
Received: from mail-ww0-f53.google.com (mail-ww0-f53.google.com [74.125.82.53])
	by pigeon.gentoo.org (Postfix) with ESMTP id 5560921C164
	for <gentoo-user@lists.gentoo.org>; Tue,  9 Aug 2011 20:12:42 +0000 (UTC)
Received: by wwf25 with SMTP id 25so339495wwf.10
        for <gentoo-user@lists.gentoo.org>; Tue, 09 Aug 2011 13:12:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=from:reply-to:to:subject:date:user-agent:references:in-reply-to
         :mime-version:content-type:content-transfer-encoding:message-id;
        bh=mKowKG+t2BskKrdYNnV4ILa4ElFdQupp+OUS2NGI1ds=;
        b=WMhSX5ro6I3YrfwXvRfWwxYKG0AfBDj6WJPnQq4DwQM+I9+6M0AWBEtapKsO39Jyji
         Rcn4jsJ1FiYM/qfhNIFH1/Z9XP3T/294bDfLFQvMSe7zH2oFPb7EQFZ3P1oqM1B7/he4
         x+X84wJB5RQYvDYo2wEn7i6YoIlZJHFvGJ7IQ=
Received: by 10.216.10.132 with SMTP id 4mr6052659wev.38.1312920761511;
        Tue, 09 Aug 2011 13:12:41 -0700 (PDT)
Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa [217.169.3.230])
        by mx.google.com with ESMTPS id p49sm169046weq.31.2011.08.09.13.12.39
        (version=TLSv1/SSLv3 cipher=OTHER);
        Tue, 09 Aug 2011 13:12:40 -0700 (PDT)
From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] logrotate: /var/log/portage/elog "insecure permissions"?
Date: Tue, 9 Aug 2011 21:13:15 +0100
User-Agent: KMail/1.13.7 (Linux/2.6.39-gentoo-r3; KDE/4.6.3; x86_64; ; )
References: <4E3C0AD2.6080409@gmail.com> <201108070122.11290.michaelkintzios@gmail.com> <4E3EAD32.1060106@binarywings.net>
In-Reply-To: <4E3EAD32.1060106@binarywings.net>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart1547573.QuI8SBA3I9";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <201108092113.25740.michaelkintzios@gmail.com>
X-Archives-Salt: 
X-Archives-Hash: da3848015d8244d9099e6326c3b71ef1

--nextPart1547573.QuI8SBA3I9
Content-Type: Text/Plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable

On Sunday 07 Aug 2011 16:20:18 Florian Philipp wrote:
> Am 07.08.2011 02:22, schrieb Mick:
> > On Friday 05 Aug 2011 23:08:38 Neil Bothwick wrote:
> >> On Fri, 05 Aug 2011 17:59:00 +0200, Florian Philipp wrote:
> >>> Yes, this was introduced in 3.8.0 to fix security issues [1]. Change
> >>> your config to look like this:
> >>> /var/log/portage/elog/summary.log {
> >>> su portage portage
> >>> ...
> >>> }
> >>>=20
> >>> Disclaimer: I've not really tried this (yet) but I think I'm able to
> >>> read changelogs and man-pages. ;-)
> >>=20
> >> Yes that fixes it. The latest portage ebuilds include an updated config
> >> file.
> >=20
> > Hmm ... it still complains here!
> >=20
> > error: error setting owner of
> > /var/log/portage/elog/summary.log-20110801.gz: Operation not permitted
> >=20
> >=20
> > This is my /etc/logrotate.d/elog-save-summary:
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> > /var/log/portage/elog/summary.log {
> >=20
> >  su portage portage
> > =20
> >     missingok
> >     nocreate
> >     delaycompress
> >=20
> > }
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> >=20
> > # ls -la /var/log/portage/elog/summary.log
> > -rw-rw-r-- 1 root portage 4326 Aug  6 09:44
> > /var/log/portage/elog/summary.log
> >=20
> > Can you see anything amiss?
>=20
> At least on my system, /var/log/portage has the following permissions:
> drwxr-xr-x root root
>=20
> Only root can write, therefore the config must read
>=20
> /var/log/portage/elog/summary.log {
>  su root portage
>  missingok
>  nocreate
>  delaycompress
> }
>=20
> Hope this helps,
> Florian Philipp

Thanks for this Florian,

It is interesting that two of my machines actually are set up like this:

drwxrws---  2 portage portage     240 Aug  9 21:07 elog

and /var/log/portage is also set up like this:

drwxrws---  4 portage portage     7152 Aug  7 18:04 portage

However, I can't remember if I set it up like that myself (these are old=20
machines).  The latest and newest installation on a third box looks just li=
ke=20
yours.
=2D-=20
Regards,
Mick

--nextPart1547573.QuI8SBA3I9
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)

iEYEABECAAYFAk5BlOUACgkQVTDTR3kpaLa+LgCg8Ea1w5H5gn61qLM4NzMgi6h5
7zQAoI3JkaWd67EjJbcozCvrOAfjblXn
=QeVL
-----END PGP SIGNATURE-----

--nextPart1547573.QuI8SBA3I9--