newsyslog and log owners

Roman Neuhauser neuhauser at sigpipe.cz
Sat May 7 00:13:45 CEST 2005


# hans at stare.cz / 2005-05-06 19:11:21 +0200:
> Good morning,

    Quit smoking that stuff already :)

> I have the ownership of the Apache logs set up like this:
> 
> ls -l /var/log/apache
> -rw--w----  1 smradoch  www       5731 May  3 16:41 codex.sigpipe.cz.log
> -rw--w----  1 hans      www     261153 Apr 30 23:57 stare.cz.log.0.gz
> ...
> 
> i.e. a user is the owner of the logs of 'their domains'. These logs
> are rotated monthly by newsyslog like this:
> 
> /var/log/apache/*.log	620  12    *    $M1D0 BGWZ /var/run/httpd.pid
> /var/log/apache/*.err	620  12    *    $M1D0 BGWZ /var/run/httpd.pid
> 
> The problem is that after rotation the ownership of the logs looks like this:
> 
> -rw--w----  1 root      wheel     5731 May  3 16:41 codex.sigpipe.cz.log
> -rw--w----  1 smradoch  www       4315 Apr 29 17:03 codex.sigpipe.cz.log.0.gz
> -rw--w----  1 root      wheel   596075 May  6 18:18 stare.cz.log
> -rw--w----  1 hans      www     261153 Apr 30 23:57 stare.cz.log.0.gz
> 
> That is, the freshly created new log belongs to root:wheel (under which
> newsyslog runs). Is there a way to tell newsyslog that the newly created
> files should belong to the same users as the rotated logs did?
> 
> According to newsyslog.conf(5) one can specify user:group, but that
> applies to the logs I have just rotated (at least that is how I read
> 'archive file').
> 
>      owner:group
> 	     This optional field specifies the owner and group for the archive
> 	     file.  The `:' is essential regardless if the owner or
> 	     group field is left blank or contains a value.  The field may be
> 	     numeric, or a name which is present in /etc/passwd or
> 	     /etc/group.
> 
> Of course I can write a trivial script around chown and run it after
> rotation; or the users can run newsyslog themselves (and each keep the
> logs in their own home). But I would rather avoid that.
> 
> All of this is on 5.3-RELEASE-p10.

    The attached patch is against CURRENT; try adding "O" to the flags
    field in those newsyslog.conf lines.

    % cvs -q co src/usr.sbin/newsyslog
    % cd !$
    % patch < .../usr.sbin::newsyslog.c-keepowngrp,0.patch
    % sudo make all install BINDIR=/usr/sbin MANDIR=/usr/share/man/man

    Result:

    roman at dagan src/usr.sbin/newsyslog 1059:0 > ls -l /var/log/maill*
    -rw-r-----  1 root  roman  3057 May  6 23:45 /var/log/maillog
    -rw-r-----  1 root  wheel   209 Apr  6 00:00 /var/log/maillog.0.bz2
    -rw-r-----  1 root  wheel   215 Apr  5 00:00 /var/log/maillog.1.bz2
    -rw-r-----  1 root  wheel   717 Mar 28 00:00 /var/log/maillog.2.bz2
    -rw-r-----  1 root  wheel  1168 Mar 23 00:00 /var/log/maillog.3.bz2
    -rw-r-----  1 root  wheel   263 Feb 10 00:00 /var/log/maillog.4.bz2
    -rw-r-----  1 root  wheel   262 Feb  9 00:00 /var/log/maillog.5.bz2
    -rw-r-----  1 root  wheel   211 Feb  8 00:00 /var/log/maillog.6.bz2
    -rw-r-----  1 root  wheel  1313 Feb  7 00:00 /var/log/maillog.7.bz2
    roman at dagan src/usr.sbin/newsyslog 1060:0 > sudo newsyslog -v           
    /var/log/all.log <7J>: does not exist, skipped.
    /var/log/amd.log <7J>: does not exist, skipped.
    /var/log/auth.log <7J>: size (Kb): 16 [100] --> skipping
    /var/log/console.log <5J>: does not exist, skipped.
    /var/log/cron <3J>: size (Kb): 46 [100] --> skipping
    /var/log/daily.log <7J>: does not exist, skipped.
    /var/log/debug.log <7J>: size (Kb): 0 [100] --> skipping
    /var/log/kerberos.log <7J>: does not exist, skipped.
    /var/log/lpd-errs <7J>: size (Kb): 0 [100] --> skipping
    /var/log/maillog <7J>: --> time is up
    --> trimming log....
    /var/log/messages <5J>: size (Kb): 98 [100] --> skipping
    /var/log/monthly.log <12J>: does not exist, skipped.
    /var/log/pflog <3J>: does not exist, skipped.
    /var/log/ppp.log <3J>: size (Kb): 0 [100] --> skipping
    /var/log/security <10J>: size (Kb): 0 [100] --> skipping
    /var/log/sendmail.st <10>:  age (hr): 3 [168] --> skipping
    /var/log/slip.log <3J>: size (Kb): 0 [100] --> skipping
    /var/log/weekly.log <5J>: does not exist, skipped.
    /var/log/wtmp <3>: --> will trim at Wed Jun  1 05:00:00 2005
    /var/log/xferlog <7J>: size (Kb): 0 [100] --> skipping
    Signal all daemon process(es)...
    Notified daemon pid 295 = /var/run/syslog.pid
    Pause 10 seconds to allow daemon(s) to close log file(s)
    Compress all rotated log file(s)...
    roman at dagan src/usr.sbin/newsyslog 1061:0 > ls -l /var/log/maill*
    -rw-r-----  1 root  roman    59 May  7 00:09 /var/log/maillog
    -rw-r-----  1 root  roman   858 May  7 00:09 /var/log/maillog.0.bz2
    -rw-r-----  1 root  roman   209 Apr  6 00:00 /var/log/maillog.1.bz2
    -rw-r-----  1 root  roman   215 Apr  5 00:00 /var/log/maillog.2.bz2
    -rw-r-----  1 root  roman   717 Mar 28 00:00 /var/log/maillog.3.bz2
    -rw-r-----  1 root  roman  1168 Mar 23 00:00 /var/log/maillog.4.bz2
    -rw-r-----  1 root  roman   263 Feb 10 00:00 /var/log/maillog.5.bz2
    -rw-r-----  1 root  roman   262 Feb  9 00:00 /var/log/maillog.6.bz2
    -rw-r-----  1 root  roman   211 Feb  8 00:00 /var/log/maillog.7.bz2

    There is probably nothing reasonable to be done about the fact that
    it chowns all the old archives; besides, that would not even strike
    me as an important / useful feature.

-- 
How many Vietnam vets does it take to screw in a light bulb?
You don't know, man.  You don't KNOW.
Cause you weren't THERE.             http://bash.org/?255991
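
The "trivial script around chown" alternative mentioned in the quoted message, as an added example that is not part of the thread or of newsyslog: it reports live logs whose owner:group differs from that of their newest archive, which is the symptom in the second listing, and prints the chown commands instead of running them. The `.0.gz` suffix follows the Z flag used above; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run ownership check for rotated
# logs. Compares each <name>.log with its newest archive <name>.log.0.gz
# and prints a chown command where owner:group differs.

# Print "uid:gid" of a file numerically. Without -L, ls reports a symlink
# itself rather than its target.
owner_of() {
    ls -lnd -- "$1" 2>/dev/null | awk '{ print $3 ":" $4 }'
}

# For every *.log in directory $1, print the chown that would give the live
# log the owner of its newest archive. Prints nothing when they match.
# Paths are printed unquoted, so review the output before running it.
plan_chown() {
    dir=$1
    for log in "$dir"/*.log; do
        [ -L "$log" ] && continue      # never act on a symlinked log
        [ -f "$log" ] || continue      # unmatched glob or not a regular file
        arch="$log.0.gz"
        [ -f "$arch" ] || continue     # nothing rotated yet, no reference owner
        want=$(owner_of "$arch")
        have=$(owner_of "$log")
        [ -n "$want" ] && [ -n "$have" ] || continue
        if [ "$want" != "$have" ]; then
            # -h: change the link itself if the path became a symlink meanwhile
            printf 'chown -h %s %s\n' "$want" "$log"
        fi
    done
}

# Stand-alone use: sh script.sh /var/log/apache
if [ $# -gt 0 ]; then
    plan_chown "$1"
fi
```
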
-------------- next part --------------
Index: newsyslog.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/newsyslog/newsyslog.c,v
retrieving revision 1.101
diff -u -u -r1.101 newsyslog.c
--- newsyslog.c	3 Mar 2005 15:47:32 -0000	1.101
+++ newsyslog.c	6 May 2005 21:36:24 -0000
@@ -111,6 +111,7 @@
 				/*    process when trimming this file. */
 #define	CE_CREATE	0x0100	/* Create the log file if it does not exist. */
 #define	CE_NODUMP	0x0200	/* Set 'nodump' on newly created log file. */
+#define	CE_KEEPOWNGRP	0x0400	/* Preserve ownership of archived log files. */
 
 #define	MIN_PID         5	/* Don't touch pids lower than this */
 #define	MAX_PID		99999	/* was lower, see /usr/include/sys/proc.h */
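Review bot: The comment on CE_KEEPOWNGRP, "Preserve ownership of archived log files", does not match what the flag does in the rotation hunk, where st_uid and st_gid of the live log (ent->log) are copied into ent->uid and ent->gid. Reword it along the lines of "Take owner and group from the existing log file" so the define documents where the ownership actually comes from.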
@@ -449,6 +450,7 @@
 	fk_entry free_or_keep;
 	double diffsecs;
 	char temp_reason[REASON_MAX];
+	struct stat old_log;
 
 	free_or_keep = FREE_ENT;
 	if (verbose) {
@@ -559,6 +561,14 @@
 		 * If the file needs to be rotated, then rotate it.
 		 */
 		if (ent->rotate && !norotate) {
+			if (ent->flags & CE_KEEPOWNGRP) {
+				if (stat(ent->log, &old_log) != 0) {
+					// FIXME: log
+				} else {
+					ent->uid = old_log.st_uid;
+					ent->gid = old_log.st_gid;
+				}
+			}
 			if (temp_reason[0] != '\0')
 				ent->r_reason = strdup(temp_reason);
 			if (verbose)
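Review bot: The stat() failure branch is left empty at "// FIXME: log", so a failed lookup silently falls back to whatever ent->uid and ent->gid already held and the administrator never learns that the flag was not honoured; emit a warning there, for example warn("can't stat %s", ent->log). Two smaller points on the same lines: stat() follows symbolic links, so the owner is taken from the link target, and lstat() would be the stricter choice when the log lives where non-root users can create files; and the "//" comment should be "/* ... */" to match the comment style of the surrounding context lines.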
@@ -1348,6 +1358,9 @@
 			case 'n':
 				working->flags |= CE_NOSIGNAL;
 				break;
+			case 'o':
+				working->flags |= CE_KEEPOWNGRP;
+				break;
 			case 'u':
 				working->flags |= CE_SIGNALGROUP;
 				break;
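Review bot: The new flag letter at case 'o' is undocumented, since the patch touches only newsyslog.c; add an entry to the flags list in newsyslog.conf(5) stating that owner and group are taken from the existing log file. The covering message tells users to add "O" while the label here is lowercase 'o', so also confirm that the switch expression, which lies outside this hunk, folds case.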

