From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-126616-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1Qq5Af-0005PR-60
	for garchives@archives.gentoo.org; Sun, 07 Aug 2011 15:21:45 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id A4BE721C191;
	Sun,  7 Aug 2011 15:21:33 +0000 (UTC)
Received: from out3.smtp.messagingengine.com (out3.smtp.messagingengine.com [66.111.4.27])
	by pigeon.gentoo.org (Postfix) with ESMTP id 8EFE721C145
	for <gentoo-user@lists.gentoo.org>; Sun,  7 Aug 2011 15:20:27 +0000 (UTC)
Received: from compute6.internal (compute6.nyi.mail.srv.osa [10.202.2.46])
	by gateway1.messagingengine.com (Postfix) with ESMTP id 4CFD320CE9
	for <gentoo-user@lists.gentoo.org>; Sun,  7 Aug 2011 11:20:27 -0400 (EDT)
Received: from frontend2.messagingengine.com ([10.202.2.161])
  by compute6.internal (MEProxy); Sun, 07 Aug 2011 11:20:27 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
	messagingengine.com; h=message-id:date:from:mime-version:to
	:subject:references:in-reply-to:content-type; s=smtpout; bh=pKhK
	MUTbMBXPu3l8HC1ZPxQR+qI=; b=AJr9ECUOYVMPcVQKcwTGfWg8hYxrnnHtq5I4
	LklfhKRZC8ypHpWmAcXioWQ0onEtVH1uppwZQpRZXE5zVNKmvCXo1b4G3f34sNeX
	x6rQW2DHHyuUTRAOOlwic1RhISqK+GYIDuqX2Dz85mWBdjeH9fRHFoUj9Ez7jh5Y
	HaPXv40=
X-Sasl-enc: b1+yte2357UrtpBD+1kUAUlYAkchd/nGJX2ygccd82/B 1312730426
Received: from [192.168.5.18] (serv.binarywings.net [83.169.5.6])
	by mail.messagingengine.com (Postfix) with ESMTPSA id 2186045A2F0
	for <gentoo-user@lists.gentoo.org>; Sun,  7 Aug 2011 11:20:25 -0400 (EDT)
Message-ID: <4E3EAD32.1060106@binarywings.net>
Date: Sun, 07 Aug 2011 17:20:18 +0200
From: Florian Philipp <lists@binarywings.net>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110730 Lightning/1.0b3pre Thunderbird/3.1.10
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] logrotate: /var/log/portage/elog "insecure permissions"?
References: <4E3C0AD2.6080409@gmail.com> <4E3C1344.5010903@binarywings.net> <20110805230838.315417e1@zaphod.digimed.co.uk> <201108070122.11290.michaelkintzios@gmail.com>
In-Reply-To: <201108070122.11290.michaelkintzios@gmail.com>
X-Enigmail-Version: 1.1.2
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enigA439BD08B6CB2F54B560331A"
X-Archives-Salt: 
X-Archives-Hash: 07889658c3c50f7a844eeeeb3739e364

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigA439BD08B6CB2F54B560331A
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Am 07.08.2011 02:22, schrieb Mick:
> On Friday 05 Aug 2011 23:08:38 Neil Bothwick wrote:
>> On Fri, 05 Aug 2011 17:59:00 +0200, Florian Philipp wrote:
>>> Yes, this was introduced in 3.8.0 to fix security issues [1]. Change
>>> your config to look like this:
>>> /var/log/portage/elog/summary.log {
>>> su portage portage
>>> ...
>>> }
>>>
>>> Disclaimer: I've not really tried this (yet) but I think I'm able to
>>> read changelogs and man-pages. ;-)
>>
>> Yes that fixes it. The latest portage ebuilds include an updated confi=
g
>> file.
>=20
> Hmm ... it still complains here!
>=20
> error: error setting owner of /var/log/portage/elog/summary.log-2011080=
1.gz:=20
> Operation not permitted
>=20
>=20
> This is my /etc/logrotate.d/elog-save-summary:
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> /var/log/portage/elog/summary.log {
>  su portage portage
>     missingok
>     nocreate
>     delaycompress
> }
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>=20
> # ls -la /var/log/portage/elog/summary.log
> -rw-rw-r-- 1 root portage 4326 Aug  6 09:44 /var/log/portage/elog/summa=
ry.log
>=20
> Can you see anything amiss?

At least on my system, /var/log/portage has the following permissions:
drwxr-xr-x root root

Only root can write, therefore the config must read

/var/log/portage/elog/summary.log {
 su root portage
 missingok
 nocreate
 delaycompress
}

Hope this helps,
Florian Philipp


--------------enigA439BD08B6CB2F54B560331A
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk4+rTYACgkQqs4uOUlOuU/sNgCfYvk7id8q3h/magE+OlvSkrYP
2qcAnima6HB17MvWuxzzmYp0V8s1nkYV
=862B
-----END PGP SIGNATURE-----

--------------enigA439BD08B6CB2F54B560331A--