[clue-admin] Logrotate is b0rked

Jed S. Baer thag at frii.com
Mon Mar 28 22:26:10 MST 2005


On Mon, 28 Mar 2005 17:27:50 -0700
David Anselmi wrote:

> So why'd you change /tmp?  Whatever the reason, you probably need to 
> change /var/tmp too, right?

Uh ... LALALALALALALALALALALAAAAH I'm not listening to you. :)

Perhaps /var/tmp should be writable only by root? It's been empty every
time I've looked at it. /var/run is writable only by root, for example,
although /var/lock isn't, which makes sense to me.

The reasons for changing /tmp are in the long discussion we had on how to
set up member accounts. Yep, you're right, same logic applies, unless
/var/tmp is writable only by root. Only question is, what else might be
using it.

Maybe I'll have to actually read the FHS. Can't hurt ... much. Logic is
telling me that there needs to be a general use tmp area which is noexec,
nosuid, i.e. temporary data files only. Although this discussion
<https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126259> implies that
even that can be gotten around.

> > If it comes out that logrotate will stay the way it is, then that
> > means continual patching of each new release, whereas modding the
> > config file is easier to do, even if it means having to re-add the
> > environment line anytime it gets replaced by an RPM upgrade of
> > logrotate.
> 
> If RPM doesn't respect changes you make to either logrotate.conf or 
> cron.daily/logrotate, I'd change distros.  It should know better.

I don't know what Debian does; remove it. I just use Fedora Core. :)

My experience is that RPM will usually leave a config file untouched, and
create the new one from the package as somefile.conf-rpmnew, or something
like that -- don't have any examples handy. But I always like to err on
the side of caution. I have seen RPM rename a config file as
somefile.conf-rpmorig and put in a new one. I guess that happens when the
new version of someprogram will choke on an option or value that's no
longer supported, or requires an option that wasn't there in the previous
release. So if you're upgrading a package or program, do you leave the old
config file in place, knowing the new program will fail to start? When
this happens, every time I've encountered it (except for a full distro
upgrade), rpm prints a message saying that somefile.conf has been renamed
to somefile.conf-rpmorig. IIRC, on a full-distro upgrade, those messages
are in the upgrade log.

jed
-- 
http://s88369986.onlinehome.us/freedomsight/
Key fingerprint = B027 FEFB 4281 CC72 67D1  4237 F2D0 D356 077A A30E
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
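
A check for the noexec/nosuid point raised in the message above, as an added example that is not part of the original post. It goes one step further than the message by handling the case where /var/tmp is not its own mount and inherits its options from /var or /. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example. SAMPLE_MOUNTS is constructed, in /proc/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
/dev/sda2 /var ext3 rw,nosuid 0 0
/dev/sda3 /tmp ext3 rw,noexec,nosuid,nodev 0 0'

# covering_mount TABLE DIR: print "mountpoint options" for the filesystem
# that actually holds DIR (deepest mount point that is DIR or a parent of it).
covering_mount() {
    printf '%s\n' "$1" | awk -v dir="$2" '
        {
            mp = $2
            if (mp == "/" || dir == mp || index(dir, mp "/") == 1) {
                # ">=" lets a later mount stacked on the same point win
                if (length(mp) >= length(best)) { best = mp; opts = $4 }
            }
        }
        END { if (best != "") print best, opts }'
}

# missing_flags OPTIONS: print whichever of noexec,nosuid is absent.
missing_flags() {
    out=""
    for flag in noexec nosuid; do
        case ",$1," in
            *",$flag,"*) ;;                      # whole-word match only
            *) out="${out:+$out,}$flag" ;;
        esac
    done
    printf '%s' "$out"
}

# audit_tmp TABLE DIR...: one line per DIR; returns 1 if any DIR lacks a flag.
audit_tmp() {
    table=$1; shift
    rc=0
    for dir in "$@"; do
        info=$(covering_mount "$table" "$dir")
        if [ -z "$info" ]; then echo "$dir: no covering mount"; rc=1; continue; fi
        miss=$(missing_flags "${info#* }")
        if [ -n "$miss" ]; then
            echo "$dir: on ${info%% *}, missing $miss"; rc=1
        else
            echo "$dir: on ${info%% *}, ok"
        fi
    done
    return $rc
}

audit_tmp "$SAMPLE_MOUNTS" /tmp /var/tmp || true
```

On a live Linux system, pass `"$(cat /proc/mounts)"` as the table instead of the sample.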


