Fedora Linux

2147 readers

1 users here now

All about Fedora Linux

founded 5 years ago

MODERATORS

[email protected]

Help fixing logrotate.service (lemm.ee)

submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]

5 comments fedilink hide all child comments

Hello all, can anyone help me figure out what permissions/ownership settings and/or configuration changes I need to make to fix logrotate.service on my Fedora 41 host?

Here is what journalctl reports: https://pastebin.com/Hp31DJEX

It seems like the permission for /var/log/samba/ and /var/log/sshd/ might be messed up? I am struggling to find what the right ownership/permissions for these directories and files should be.

Additionally, when I look in /var/log/ I see many different log files for the same services:

https://pastebin.com/WXivZmST

top 5 comments

sorted by: hot top controversial new old

[–] [email protected] 2 points 1 week ago* (last edited 1 week ago) (1 children)

Did you add/change something in the logrotate configs?

From the journal it looks like it can't create the subdirectory of old which is weird for logrotate which defaults to copy/truncate I believe to avoid permissions issues like this. If the old directory didn't exist before, and you've added that somewhere in the rotation configs, create the directory, and make sure whichever user that runs logrotate has full access to that directory.

It's also telling you directly that it doesn't have permissions, and you need to add the "su" directive in the config to make sure it escalates for privileges.

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago) (1 children)

Thanks for the reply!

Here are the contents of /etc/logrotate.d/samba

/var/log/samba/*log* {
compress
dateext
maxage 365
rotate 99
notifyempty
olddir /var/log/samba/old
missingok
copytruncate
}

Should I just delete that olddir /var/log/samba/old line? I may have added that line when troubleshooting this issue via referencing old forum posts online, not sure.

[–] [email protected] 2 points 1 week ago (1 children)

Yeah, ditch that and let it just do copytruncate. Nothing else looks especially weird. You can have it move old logs somewhere else if you want, but that's largely not needed, especially if your logs are also being shuffled to journal.

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago) (1 children)

Cool so I deleted that line. I'm just hoping to get logrotate to work normally with its default configuration lol.

Here's the output of ls -la /var/log/samba/

total 32
drwxr-x---.  3 root root 4096 Mar 22 12:39 .
drwxr-xr-x. 14 root root 4096 Mar 31 03:47 ..
drwx------.  7 root root   90 Mar 22 12:39 cores
-rw-r--r--.  1 root root 4146 Mar 22 15:00 log.nmbd
-rw-r--r--.  1 root root  189 Mar 22 11:40 log.rpcd_classic
-rw-r--r--.  1 root root    0 Mar 22 11:40 log.rpcd_epmapper
-rw-r--r--.  1 root root    0 Mar 22 11:40 log.rpcd_fsrvp
-rw-r--r--.  1 root root    0 Mar 22 11:40 log.rpcd_lsad
-rw-r--r--.  1 root root    0 Mar 22 11:40 log.rpcd_mdssvc
-rw-r--r--.  1 root root    0 Mar 22 11:40 log.rpcd_spoolss
-rw-r--r--.  1 root root  188 Mar 22 11:40 log.rpcd_winreg
-rw-r--r--.  1 root root    0 Mar 22 11:40 log.rpcd_witness
-rw-r--r--.  1 root root  177 Mar 22 11:40 log.samba-dcerpcd
-rwxrwx---.  1 root root  480 Mar 22 14:24 log.smbd
-rwxr-x---.  1 root root    0 Mar 13 20:26 old

I changed a few of these back to root:root ~ a week ago; I believe the ones for smbd and samba-dcerpcd were previously owned by a user and group I set up for my samba share which I think was also causing problems. Do you know if these are otherwise correct?

I just ran sudo systemctl restart logrotate.service and it completed without issues. With that being said, it also completed without issues when I ran it the last couple times over the last few weeks with my old and broken config, so I'm unsure whether that single line fix from /etc/logrotate.d/samba is enough. Is there anything else you can think of I should be checking?

[–] [email protected] 2 points 1 week ago

It's a permissions and pathing issue, so just check it tomorrow and see what it does.