On Wednesday 24 July 2019 21:04:13 Tan Shao Yi wrote: > Hi Sven, > > Thank you for the explanation. > > I just wanted to add that when doing "systemctl edit > logrotate.service", we also need to include the "[Service]" header > before specifying ReadWritePaths. > > Thank you. > > Regards, > Tan Shao Yi > > On 21/7/19, 5:55 PM, "Sven Joachim" <svenj...@gmx.de> wrote: > > On 2019-07-21 02:42 +0000, Tan Shao Yi wrote: > > I upgraded to Debian 10 recently and it looks like logrotate is > > not working on files outside the /var directory: > > This is correct.
This is going to be a problem for me unless its fixable. My email logs were moved to /home/me/log many years ago because I got tired of fighting with somebody's idea of security denying fetchmail and procmail rights to keep their logs in /var. Logrotate was easily fixed then. And I believe its fixed for the stretch I'm running atm. > > For example, > > > > Jul 21 00:00:01 server-name logrotate[8874]: error: error > > renaming /usr/local/apache/logs/https-error_log.12.gz to > > /usr/local/apache/logs/https-error_log.13.gz: Read-only file > > system Jul 21 00:00:03 server-name logrotate[8874]: error: > > unable to open /usr/local/backup/mysql/mysql.sql.1 for > > compression > > > > The files are present, and I am able to logrotate them manually > > as root when I run logrotate against the config files in > > /etc/logrotate.d--it just fails when it is run automatically. > > > > May I know if something has changed recently to cause this? > > It is the ProtectSystem=full directive in logrotate.service which > causes /usr to be mounted read-only for logrotate. See the SANDBOXING > section in systemd.exec(5). > > You can make /usr/local writable with > "systemctl edit logrotate.service", enter the following line: > > ReadWritePaths=/usr/local > > in your editor and you're done. > > Cheers, > Sven Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) If we desire respect for the law, we must first make the law respectable. - Louis D. Brandeis Genes Web page <http://geneslinuxbox.net:6309/gene>
