[clue-admin] Logrotate is b0rked
David Anselmi
anselmi at anselmi.us
Tue Mar 29 19:43:58 MST 2005
Jed S. Baer wrote:
[...]
> The reasons for changing /tmp are in the long discussion we had on how to
> set up member accounts. Yep, you're right, same logic applies, unless
> /var/tmp is writable only by root. Only question is, what else might be
> using it.
So you really need to make sure anything writable by normal users is
noexec. If you don't do that, changing /tmp doesn't get you much. (For
reasons such as that I usually make /tmp, /usr, /var, and /home their
own partitions, FWIW.)
I'd say you're better off encouraging users to use /tmp rather than
/var/tmp, since /var is part of / (and I'm told bad things happen if /
fills up). Isn't there some setting to reserve x% of a partition for
root? That might help (or maybe it's just for inodes).
[...]
>>If RPM doesn't respect changes you make to either logrotate.conf or
>>cron.daily/logrotate, I'd change distros. It should know better.
>
> I don't what Debian does; remove it. I just use Fedora Core. :)
Exactly! ;-)
> My experience is that RPM will usually leave a config file untouched, and
> create the new one from the package as somefile.conf-rpmnew, or something
> like that -- don't have any examples handy.
Debian checks conffiles. If you're system uses one that is stock (by
checksum), it is replaced with the new stock file. If it is locally
modified you can pick "old", "new", or "show me a diff".
I've never seen that fail, except occasionally to report local changes
to a stock file (the side of caution). And they're usually good about
announcing unsupported old behavior. Naturally the packager can make a
mistake either in the install scripts or designating conffiles.
Dave
More information about the clue-admin
mailing list