12

I have a logfile owner by the 'apache' user that I would like to rotate with logrotate.

I would like to do that by running logrotate as a different user, say 'web' using the copytruncate strategy.

That fails with this error: 

error: error setting owner of ./logfile.log.1: Operation not permitted

But only because logrotate tries to change the owner of the new file to the owner of the rotated file, ie apache. But I dont care about the new files having the same owner, if logrotate would create copies with 'web' as owner that would be fine and then it could work fine.

So is there any way to stop logrotate from changing the owner of the copied file?

Leven
  • 221
  • 2
  • 4
  • 2
    Leaving this for posterity: using `postscript` and `chown "$1"` is probably not appropriate here because it won't prevent logrotate from failing to set the owner. – David Lord Jul 23 '15 at 00:47

3 Answers3

11

I use the create directive in my /etc/logrotate.d/ files. Example:

create 0664 www-data www-data
Paul
  • 3,037
  • 6
  • 27
  • 40
3

create will probably do what you describe in the last sentence of your question, but this option is incompatible with copytruncate, which you also say you want to use.

craq
  • 231
  • 3
  • 8
1

I resolved same problem with postrotate and prerotate options:

/opt/bars/web_edu/var/log/nginx*.log {
        su web_edu web_edu
        daily
    compress
        missingok
        rotate 30
        dateext
        notifempty
        create 0644 web_edu web_edu
        sharedscripts
        prerotate
                chown web_edu:web_edu /opt/bars/web_edu/var/log/nginx*.log
        endscript
        postrotate
                [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` || true
                chown web_edu:web_edu /opt/bars/web_edu/var/log/nginx*.gz
                chown web_edu:web_edu /opt/bars/web_edu/var/log/nginx*.log
        endscript
}
Vsevolod Gromov
  • 141
  • 3