
I have a collection of log files with various owners. Each log file corresponds to one of a suite of programs, and the permissions are group writable so that whoever starts the program(s) can write to the logs. (Files are 660, directories are 774).

I would like to use logrotate to archive the logs from time to time. Since everybody in our group can read the files, I assumed that logrotate could be executed by a user. However, logrotate tries to create the rotated files with the same owner as the originals. If the active user owns all the files, everything works fine, but otherwise logrotate fails because users don't have permission to create files owned by someone else.

Is there a way to get around this? So far I've considered (and discarded) the following options:

  • running logrotate as root. Ideally I would trigger logrotate from within one of the other programs, which can be run by anybody in the group, even those without sudo rights.
  • the create option could help for subsequent logrotations, since the active user would own all logfiles. But it wouldn't help for the first time logrotate is called.
  • the su option requires root permissions, and may not help, since the log files are not necessarily all owned by the same user.
  • roll my own script based on cp/mv and > ${file}. I would like to make use of existing tools if possible.
craq
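A preflight check for the situation described in the question, as an added example that is not part of the original post: it lists the log files a given user could not rotate if the rotated file must keep the original owner, which is the behaviour the question reports. The names `rotation_preflight` and `build_sample_tree` and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile


def rotation_preflight(log_dir, uid=None, gids=None):
    """Map each regular file in log_dir to the reason `uid` cannot rotate it.

    An empty dict means every log can be rotated by `uid` with its owner kept.
    """
    uid = os.getuid() if uid is None else uid
    gids = set(os.getgroups()) | {os.getgid()} if gids is None else set(gids)
    d = os.stat(log_dir)
    # Renaming and creating files needs write + search on the directory,
    # taken from the one permission class that applies to this user.
    if uid == d.st_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif d.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    dir_ok = uid == 0 or (d.st_mode & need) == need

    blocked = {}
    for name in sorted(os.listdir(log_dir)):
        path = os.path.join(log_dir, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue  # skip subdirectories, symlinks, sockets
        if not dir_ok:
            blocked[path] = "directory is not writable by this user"
        elif uid != 0 and st.st_uid != uid:
            # Only the owner's own files can be recreated with the same owner;
            # handing a new file to another uid needs root.
            blocked[path] = f"owned by uid {st.st_uid}, not {uid}"
    return blocked


def build_sample_tree():
    """Constructed sample: a 774 directory holding two 660 log files."""
    root = tempfile.mkdtemp(prefix="logs-")
    os.chmod(root, 0o774)
    for name in ("alpha.log", "beta.log"):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample line\n")
        os.chmod(path, 0o660)
    return root


if __name__ == "__main__":
    tree = build_sample_tree()
    for path, reason in rotation_preflight(tree).items():
        print(f"{path}: {reason}")
```

The check reads classic mode bits only; ACLs are not consulted.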

0 Answers