Steps to fix Logrotate failures caused by directory permission changes

jackxiang 2017-6-23 00:09
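Background: on CentOS 7, after logrotate finished running, the logs had not actually been rotated, which is odd. This should be the right direction; open source has this problem, all kinds of issues keep coming up... A search engine is very important.
The extra -d option means logrotate only does a dry run for debugging and does not actually perform the rotation; the log output for this configuration is as follows:
Case 1: chown -R root:root  /usr/local/tomcat/conf/tomcat.logrotate
logrotate -v -f -d  /usr/local/tomcat/conf/tomcat.logrotate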
reading config file /usr/local/tomcat/conf/tomcat.logrotate
olddir is now oldlogs
Allocating hash table for state file, size 15360 B

Handling 1 logs

rotating pattern: /data/logs/tomcat/*.log  forced from command line (30 rotations)
olddir is oldlogs, empty log files are not rotated, old logs are removed
considering log /data/logs/tomcat/catalina.log
  log needs rotating
considering log /data/logs/tomcat/localhost-access.log
  log does not need rotating (log is empty)considering log /data/logs/tomcat/localhost.log
  log does not need rotating (log is empty)rotating log /data/logs/tomcat/catalina.log, log->rotateCount is 30
dateext suffix '-20170515'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
copying /data/logs/tomcat/catalina.log to /data/logs/tomcat/oldlogs/catalina.log-20170515
truncating /data/logs/tomcat/catalina.log
I found that nothing had actually been copied there:
Error when rotating the logs: error: skipping "/var/log/nginx/test.access.log" because parent directory has insecure permissions (It's world writable or writable by group which is not "root") Set "su" directive in config file to tell logrotate which user/group should be used for rotation.
Answer: adding "su root list" to the /etc/logrotate.d/nginx file is enough.
As follows:
/var/log/nginx/*.log {
        su root list
        daily
        missingok
        rotate 52
        compress
        delaycompress
        notifempty
        #ifempty
        create 0640 www-data adm
        sharedscripts
        postrotate
                [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
        endscript
}
chmod -R 640 /data/logs/tomcat/
That does not work; this foreign site describes it: https://ma.ttias.be/logrotate-on-rhelcentos-7-complains-about-insecure-permissions-on-parent-directory-world-writable/
And one in Chinese: https://blog.longwin.com.tw/2016/01/logrotate-perm-modify-rotete-failed-2016/
switching euid to 0 and egid to 1022
The tomcat group ID: 1022
[codes]
/data/logs/tomcat/*.log {
    su root tomcat
    daily
    rotate 30
    missingok
    dateext
    notifempty
    #create 0644 tomcat root
    copytruncate
    olddir oldlogs
}
[/codes]

logrotate -v -f -d  /usr/local/tomcat/conf/tomcat.logrotate
reading config file /usr/local/tomcat/conf/tomcat.logrotate
olddir is now oldlogs
Allocating hash table for state file, size 15360 B

Handling 1 logs

rotating pattern: /data/logs/tomcat/*.log  forced from command line (30 rotations)
olddir is oldlogs, empty log files are not rotated, old logs are removed
switching euid to 0 and egid to 1022
considering log /data/logs/tomcat/catalina.log
  log needs rotating
considering log /data/logs/tomcat/localhost-access.log
  log does not need rotating (log is empty)considering log /data/logs/tomcat/localhost.log
  log does not need rotating (log is empty)rotating log /data/logs/tomcat/catalina.log, log->rotateCount is 30
dateext suffix '-20170515'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
glob finding old rotated logs failed
copying /data/logs/tomcat/catalina.log to /data/logs/tomcat/oldlogs/catalina.log-20170515
truncating /data/logs/tomcat/catalina.log
switching euid to 0 and egid to 0
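
As an added example (not from the original post and not logrotate's own code), the script below tests a log file's parent directory for the condition named in the error message above: world-writable, or group-writable by a group other than root. It assumes GNU `stat`; the function names and the throwaway demo directory are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (coreutils).

# mode_is_insecure MODE GID (hypothetical helper)
# Status 0 when the condition named in logrotate's error holds for an octal
# mode string (e.g. 775) and a numeric group id: world-writable, or
# group-writable while the owning group is not root (gid 0).
mode_is_insecure() {
    [ $(( 0$1 & 0002 )) -ne 0 ] && return 0
    [ $(( 0$1 & 0020 )) -ne 0 ] && [ "$2" -ne 0 ] && return 0
    return 1
}

# audit_log_parent LOGFILE (hypothetical helper)
# Prints a verdict for the directory that holds LOGFILE.
# Status: 0 = fine, 1 = matches the error's condition, 2 = stat failed.
audit_log_parent() {
    dir=$(dirname -- "$1")
    info=$(stat -c '%a %g %G' -- "$dir") || return 2
    set -- $info                      # $1=mode  $2=gid  $3=group name
    if mode_is_insecure "$1" "$2"; then
        echo "INSECURE $dir mode=$1 group=$3($2): tighten it or add 'su root $3'"
        return 1
    fi
    echo "OK       $dir mode=$1 group=$3($2)"
}

# Constructed demo on a throwaway directory, so nothing real is touched.
demo() {
    tmp=$(mktemp -d) || return 2
    touch "$tmp/catalina.log"
    chmod 777 "$tmp"; audit_log_parent "$tmp/catalina.log" || :
    chmod 755 "$tmp"; audit_log_parent "$tmp/catalina.log" || :
    rm -rf -- "$tmp"
}

# With arguments: audit each given log file. Without: run the demo.
if [ $# -gt 0 ]; then
    for f in "$@"; do audit_log_parent "$f" || :; done
else
    demo
fi
```

Run it with one or more log paths, for example `sh audit.sh /data/logs/tomcat/catalina.log`, before deciding between tightening the directory and adding a `su` directive.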


Case 2: SELinux impact:
access("/etc/selinux/config", F_OK)     = 0
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 4

service selinux stop
Redirecting to /bin/systemctl stop  selinux.service
Failed to stop selinux.service: Unit selinux.service not loaded.


chcon -Rv --type=var_log_t /data/logs/tomcat
正在更改"/data/logs/tomcat/localhost.log" 的安全环境
chcon: 部分关联无法应用于文件"localhost.log"
正在更改"/data/logs/tomcat/catalina.log" 的安全环境
chcon: 部分关联无法应用于文件"catalina.log"
正在更改"/data/logs/tomcat/oldlogs" 的安全环境
chcon: 部分关联无法应用于文件"oldlogs"
正在更改"/data/logs/tomcat/localhost-access.log" 的安全环境
chcon: 部分关联无法应用于文件"localhost-access.log"
正在更改"/data/logs/tomcat" 的安全环境
chcon: 部分关联无法应用于文件"/data/logs/tomcat"

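Author: jackxiang@向东博客, focused on web applications and the beauty of architecture --- the beauty of architecture lies in perfecting every form | the beauty of an application lies in curing the problem on the spot
URL: http://jackxiang.com/post/9217/
All rights reserved. When reposting, you must credit the author, the original source and this notice in the form of a link!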
