Log rotate on logfiles on content disk

[pieterD7]

In order to have logrotate enabled on the log files on the content disk to make sure the log files don't take up too much diskspace a cmod og-w is needed, but it doesn't work:

logrotate restart:

Jan 29 00:13:55 elimupi logrotate[8340]: error: skipping "/mnt/content/www_log/*.log" because parent directory has insecure permissions (It's world writable or writable by group which is no Jan 29 00:13:55 elimupi systemd[1]: logrotate.service: Main process exited, code=exited, status=1/FAILURE

a fix would be this but it doesn't work:

pi@elimupi:~/elimupi2.0 $ sudo chmod -v og-w /mnt/content/www_log mode of '/mnt/content/www_log' changed from 0777 (rwxrwxrwx) to 0755 (rwxr-xr-x) pi@elimupi:~/elimupi2.0 $ sudo chmod -v og-w /mnt/content/www_log mode of '/mnt/content/www_log' changed from 0777 (rwxrwxrwx) to 0755 (rwxr-xr-x)

[alonsovidales]

Hey!

A possible solution to have permissions in NTFS would be to create an ext4 image in the device:

pi@elimupi:/mnt/content $ dd if=/dev/zero of=logs bs=1M count=1000
1000+0 records in
1000+0 records out
1048576000 bytes (1.0 GB, 1000 MiB) copied, 47.6029 s, 22.0 MB/s
pi@elimupi:/mnt/content $ mkfs.ext4 logs
mke2fs 1.46.2 (28-Feb-2021)
Creating filesystem with 256000 4k blocks and 64000 inodes
Filesystem UUID: 487aeda2-b258-4fdc-8eb5-e2bafb60a3f3
Superblock backups stored on blocks:
	32768, 98304, 163840, 229376

Allocating group tables: done
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done

pi@elimupi:/mnt/content $ mkdir /mnt/logs/
pi@elimupi:/mnt/content $ sudo mount logs /mnt/logs/
pi@elimupi:/mnt/content $ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/root       118G   74G   39G  66% /
devtmpfs        1.7G     0  1.7G   0% /dev
tmpfs           1.9G     0  1.9G   0% /dev/shm
tmpfs           759M  1.2M  758M   1% /run
tmpfs           5.0M  4.0K  5.0M   1% /run/lock
/dev/mmcblk0p1  255M   92M  164M  36% /boot
tmpfs           380M     0  380M   0% /run/user/1000
/dev/sda1       231G  1.1G  230G   1% /mnt/content
/dev/loop0      966M  1.4M  899M   1% /mnt/logs
sudo mv www_log /mnt/logs/
pi@elimupi:/mnt/content $ sudo chmod -vR og-w /mnt/logs/
mode of '/mnt/logs/' retained as 0755 (rwxr-xr-x)
mode of '/mnt/logs/www_log' retained as 0755 (rwxr-xr-x)
mode of '/mnt/logs/www_log/fdroid-log' changed from 0777 (rwxrwxrwx) to 0755 (rwxr-xr-x)
mode of '/mnt/logs/www_log/sshAdmin.log' changed from 0777 (rwxrwxrwx) to 0755 (rwxr-xr-x)
mode of '/mnt/logs/www_log/admin-error.log' changed from 0777 (rwxrwxrwx) to 0755 (rwxr-xr-x)
mode of '/mnt/logs/www_log/admin-access.log' changed from 0777 (rwxrwxrwx) to 0755 (rwxr-xr-x)
mode of '/mnt/logs/www_log/admin-log' changed from 0777 (rwxrwxrwx) to 0755 (rwxr-xr-x)
mode of '/mnt/logs/www_log/files-log' changed from 0777 (rwxrwxrwx) to 0755 (rwxr-xr-x)
mode of '/mnt/logs/www_log/moodle-log' changed from 0777 (rwxrwxrwx) to 0755 (rwxr-xr-x)
mode of '/mnt/logs/lost+found' retained as 0700 (rwx------)
pi@elimupi:/mnt/content $ ls -lah /mnt/logs/www_log/
total 1.4M
drwxr-xr-x 2 root root 4.0K Mar 28 21:28 .
drwxr-xr-x 4 root root 4.0K Mar 28 21:46 ..
-rwxr-xr-x 1 root root 1.3M Mar 28 21:28 admin-access.log
-rwxr-xr-x 1 root root  11K Mar 28 21:28 admin-error.log
-rwxr-xr-x 1 root root  29K Mar 28 21:28 admin-log
-rwxr-xr-x 1 root root 8.3K Mar 28 21:28 fdroid-log
-rwxr-xr-x 1 root root    0 Mar 28 21:28 files-log
-rwxr-xr-x 1 root root    0 Mar 28 21:28 moodle-log
-rwxr-xr-x 1 root root 1.6K Mar 28 21:28 sshAdmin.log

This way, we have permissions and the logs are in the volume, this can be added to the /etc/fstab after mounting content and it should do the trick. The only thing is that we are restricted by the size of the new volume, but that could be even better, so the logs can't grow and eat the rest 🤔

If you want I can take care of adding this to ansible 👍

Do we already have the logrotate definition? I can't find it:

root@elimupi:~# grep -r www_log /etc/
root@elimupi:~#