Closed
It is not required to be able to open the logfile in read-write mode when we are compressing the file. A read-only open is sufficient. This is useful when trying to run logrotate as non-root, to handle rotation of files created by a container for instance. As long as we have write permission in the directory holding the logfile, there is no reason to prevent the operation (since that user could manually rename() the file with write permissions in the directory and then compress it).
There is no need to attempt to change the user/group of files if we are not running as root. We can leave the permissions to what the user running logrotate would get if doing the same operation manually by copying the file!
cgzones
reviewed
Jan 27, 2021
kdudka
approved these changes
Feb 1, 2021
Member
kdudka
left a comment
Thanks for the update! Looks good to me.
cgzones
approved these changes
Feb 2, 2021
Member
Merging, thanks!
kdudka
pushed a commit
that referenced
this pull request
Feb 2, 2021
There is no need to attempt to change the user/group of files if we are not running as root. We can leave the permissions to what the user running logrotate would get if doing the same operation manually by copying the file! Closes: #372
Small changes required to allow a normal user to run logrotate on files that do not belong to that user.
This is useful when a container writes logs to a mapped directory, belonging to the user, but whose files have "foreign ids" (those of the container environment). The ability to rotate the logs and have the logs compressed is important but requires that logs be opened read-only when compressing them, and that no attempt be made to "chown" them to the same uid/gid as the original log file.
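The two behaviours discussed in this pull request, as an added C sketch that is not part of the pull request or of logrotate's source: the rotated file is read through an `O_RDONLY` descriptor, the rename and unlink rely only on write permission on the directory, and the owner is restored only when running as root. The names `want_chown`, `rotate_readonly` and `demo` are hypothetical, and the copy loop stands in for the compressor.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Only root can give a file away, so only root tries to restore the owner. */
int want_chown(uid_t euid) { return euid == 0; }

/* Rotate name -> name.1 -> name.1.gz inside dirfd. The copy loop is a
 * stand-in for the compressor; the open modes are the point. */
int rotate_readonly(int dirfd, const char *name)
{
    char old[256], out[256], buf[4096];
    struct stat st;
    ssize_t n; int rc = 0;
    if (snprintf(old, sizeof old, "%s.1", name) >= (int)sizeof old ||
        snprintf(out, sizeof out, "%s.1.gz", name) >= (int)sizeof out) return -1;
    if (renameat(dirfd, name, dirfd, old) != 0) return -1; /* needs write on dir only */
    int in = openat(dirfd, old, O_RDONLY | O_NOFOLLOW);    /* O_RDWR would need write on file */
    if (in < 0) return -1;
    if (fstat(in, &st) != 0) { close(in); return -1; }
    int fd = openat(dirfd, out, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, st.st_mode & 0777);
    if (fd < 0) { close(in); return -1; }
    while (rc == 0 && (n = read(in, buf, sizeof buf)) != 0)
        if (n < 0 || write(fd, buf, (size_t)n) != n) rc = -1;
    /* Non-root: the output keeps the invoking user's uid/gid, as a manual copy would. */
    if (rc == 0 && want_chown(geteuid()) && fchown(fd, st.st_uid, st.st_gid) != 0) rc = -1;
    close(in); close(fd);
    return rc == 0 ? unlinkat(dirfd, old, 0) : rc;         /* needs write on dir only */
}

/* Constructed scenario: a 0444 log inside a temp directory we own. Returns 0 on success. */
int demo(void)
{
    char dir[] = "/tmp/lrdemoXXXXXX";
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    int d = open(dir, O_RDONLY | O_DIRECTORY);
    int fd = openat(d, "app.log", O_WRONLY | O_CREAT | O_EXCL, 0444);
    if (d < 0 || fd < 0 || write(fd, "line1\n", 6) != 6) return -1;
    close(fd);
    int rc = rotate_readonly(d, "app.log");
    if (rc == 0 && (fstatat(d, "app.log.1.gz", &st, 0) != 0 || st.st_size != 6)) rc = -1;
    unlinkat(d, "app.log.1.gz", 0);
    close(d); rmdir(dir);
    return rc;
}
```

The `O_NOFOLLOW` and `O_EXCL` flags are an addition of this sketch: in a directory that another uid (here, the container) also writes to, they keep the rotation from following a symlink planted at either path.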