From e4ae4d6129e85fe99bbb82438ed90352400ecdf3 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov <atikhono@redhat.com> Date: Fri, 26 Jul 2024 15:55:01 +0200 Subject: [PATCH] BUILD: configure logrotate to work with non-root-group writable folder MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Otherwise logrotate complains: ``` error: skipping "/var/log/sssd/sssd_kcm.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation. ``` See https://bugzilla.redhat.com/show_bug.cgi?id=2299733 for details Reviewed-by: Jakub Vávra <jvavra@redhat.com> Reviewed-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> --- Makefile.am | 1 + configure.ac | 1 + src/examples/{logrotate => logrotate.in} | 1 + 3 files changed, 3 insertions(+) rename src/examples/{logrotate => logrotate.in} (90%) diff --git a/Makefile.am b/Makefile.am index f4cadee6f3a..82e0c5882a3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5706,6 +5706,7 @@ endif rm -f $(builddir)/src/sysv/systemd/sssd-kcm.socket rm -f $(builddir)/src/sysv/systemd/sssd-kcm.service rm -f $(builddir)/src/tools/wrappers/sss_debuglevel + rm -Rf $(builddir)/src/examples rm -Rf $(builddir)/contrib CLEANFILES += *.X */*.X */*/*.X diff --git a/configure.ac b/configure.ac index 105d77a4d92..380c16ba80a 100644 --- a/configure.ac +++ b/configure.ac @@ -563,6 +563,7 @@ AC_DEFINE_UNQUOTED([ABS_SRC_DIR], ["$my_srcdir"], [Absolute path to the source d AC_CONFIG_FILES([Makefile contrib/sssd.spec src/examples/rwtab src/doxy.config contrib/sssd-pcsc.rules contrib/90-sssd-token-access.rules contrib/sssd-tmpfiles.conf + src/examples/logrotate src/sysv/sssd src/sysv/gentoo/sssd src/sysv/gentoo/sssd-kcm po/Makefile.in src/man/Makefile src/tests/cwrap/Makefile src/tests/intg/Makefile src/tests/test_CA/Makefile 
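Review bot: In the Makefile.am hunk, `rm -Rf $(builddir)/src/examples` deletes the whole directory, although the only file this commit starts generating there is `src/examples/logrotate`. If this cleanup target can run when the build directory is the source tree, the recursive delete would also remove the `logrotate.in` template. The target header and any guard around it are outside the hunk, so that needs confirming. A narrower `rm -f $(builddir)/src/examples/logrotate` would match the single-file `rm -f` lines just above it.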
diff --git a/src/examples/logrotate b/src/examples/logrotate.in similarity index 90% rename from src/examples/logrotate rename to src/examples/logrotate.in index 6e769451ce5..0421946a2dc 100644 --- a/src/examples/logrotate +++ b/src/examples/logrotate.in @@ -6,6 +6,7 @@ rotate 2 compress delaycompress + su @SSSD_USER@ @SSSD_USER@ postrotate /bin/kill -HUP `cat /var/run/sssd.pid 2>/dev/null` 2> /dev/null || true /bin/pkill -HUP sssd_kcm 2> /dev/null || true
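Review bot: The added `su @SSSD_USER@ @SSSD_USER@` line has no comment saying why rotation must not run as root, and that security reason is worth keeping next to the directive. I would add above it `# Rotate as the SSSD service user: the log directory is writable by a non-root group, so logrotate refuses to rotate it as root.` The group field reuses `@SSSD_USER@`, which presumably relies on a group of the same name existing; if the service group can differ from the user name, that should be confirmed where the substitution is defined. The enclosing stanza starts before the hunk, so the log path and any ownership settings are not visible here.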