Bug#606959: logrotate script should set correct owner/group

[Laurent Bigonville]

Le Mon, 13 Dec 2010 16:26:20 +0200,
Tzafrir Cohen <tzafrir.cohen at xorcom.com> a écrit :

> Sorry, but  I fail to see no problem here.
> 
> The directory /var/log/asterisk is owned by asterisk (permissions set
> in postinst script).
> 
> After log rotation, asterisk is ordered 'logger reload', which reopens
> log files (and generating new ones if needed).
> 
> Could you please give more details on how to reproduce the problem?

According to logrotate manpage[1] the new file is created by logrotate
just after the rotation with the permissions of the old one.

So if for some reasons the file is missing or has bad permissions
asterisk will not (re)start and nothing will fix the permissions.

I think adding "create 644 asterisk asterisk" could be interesting.
Or ever better solution is to use "create 640 asterisk adm" (some other
daemons are doing something similar),but this would also requires
changing group of the directory to adm I guess.

Cheers

Laurent Bigonville


[1] create mode owner group
       Immediately after rotation (before the postrotate script is run) the log file is created (with the same name as the log file just rotated).   mode  speci‐
       fies the mode for the log file in octal (the same as chmod(2)), owner specifies the user name who will own the log file, and group specifies the group the
       log file will belong to. Any of the log file attributes may be omitted, in which case those attributes for the new file will use the same  values  as  the
       original log file for the omitted attributes. This option can be disabled using the nocreate option.