Opened 12 years ago

Closed 12 years ago

#179 closed enhancement (worksforme)

logrotate improvements

Reported by: unlim.myid.net Owned by: sb
Priority: minor Milestone:
Component: nginx-package Version: 1.2.x
Keywords: Cc:
uname -a: -
nginx -V: nginx version: nginx/1.2.1
built by gcc 4.1.2 20080704 (Red Hat 4.1.2-51)
TLS SNI support disabled
configure arguments: --prefix=/etc/nginx/ --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g -m64 -mtune=generic'

Description

currently logrotate job (/etc/logrotate.d/nginx) creates archives with 644 and root:root permissions.
Better to create them as 640 and nginx:nginx.
At least 640 should be used.

# ls -l /var/log/nginx/
total 205580
drwxr-xr-x 2 root root 4096 Jun 25 04:42 ./
drwxr-xr-x 9 root root 4096 Jun 25 04:42 ../
-rw-r----- 1 nginx nginx 42206375 Jun 25 13:56 access.log
-rw-r----- 1 nginx nginx 80435629 Jun 25 04:42 access.log.1
-rw-r--r-- 1 root root 87237684 Jun 25 04:42 access.log.2.gz
-rw-r----- 1 nginx nginx 1162 Jun 25 13:41 error.log
-rw-r----- 1 nginx nginx 884 Jun 24 14:39 error.log.1
-rw-r--r-- 1 root root 38984 Jun 25 04:42 error.log.2.gz
-rw-r--r-- 1 nginx root 339808 Jun 25 13:54 vhost-error_log

Seems directive "create 0640 nginx nginx" should help.

Thank you!

Change History (4)

comment:1 by Sergey Budnevitch, 12 years ago

logrotate script from nginx-1.2.1-1.el5.ngx has 'create 640 nginx adm' already.

Please check you are using correct logrotate script by
rpm -V nginx

comment:2 by Sergey Budnevitch, 12 years ago

Component: nginx-corenginx-package
Version: 1.3.x1.2.x

comment:3 by maxim, 12 years ago

Owner: changed from somebody to sb
sensitive: 0
Status: newassigned

comment:4 by Sergey Budnevitch, 12 years ago

Resolution: worksforme
Status: assignedclosed

No feedback in 6 months

Note: See TracTickets for help on using tickets.