Hi Sven,
Thank you for the explanation.
I just wanted to add that when doing "systemctl edit logrotate.service", we
also need to include the "[Service]" header before specifying ReadWritePaths.
Thank you.
Regards,
Tan Shao Yi
On 21/7/19, 5:55 PM, "Sven Joachim" <svenj...@gmx.de> wrote:
On 2019-07-21 02:42 +0000, Tan Shao Yi wrote:
> I upgraded to Debian 10 recently and it looks like logrotate is not
> working on files outside the /var directory:
This is correct.
> For example,
>
> Jul 21 00:00:01 server-name logrotate[8874]: error: error renaming
> /usr/local/apache/logs/https-error_log.12.gz to
> /usr/local/apache/logs/https-error_log.13.gz: Read-only file system
> Jul 21 00:00:03 server-name logrotate[8874]: error: unable to open
/usr/local/backup/mysql/mysql.sql.1 for compression
>
> The files are present, and I am able to logrotate them manually as
> root when I run logrotate against the config files in
> /etc/logrotate.d--it just fails when it is run automatically.
>
> May I know if something has changed recently to cause this?
It is the ProtectSystem=full directive in logrotate.service which causes
/usr to be mounted read-only for logrotate. See the SANDBOXING section
in systemd.exec(5).
You can make /usr/local writable with
"systemctl edit logrotate.service", enter the following line:
ReadWritePaths=/usr/local
in your editor and you're done.
Cheers,
Sven
