BUG: fix logrotate ownership options

The packaged configuration for logrotate falsely contained options applying to other programs' log files. This caused wrong ownerships of log files. This issues is corrected, but the ownership of affected log files may need to be changed manually. To find affected files, you may use: ```bash sudo find /var/log/ -user intelmq ! -path \*intelmq\* ``` fixes #2110
certtools · Sep 16, 2021 · 5b3c68b · 5b3c68b
1 parent 531107f
commit 5b3c68b
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 15 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -59,6 +59,7 @@ CHANGELOG
 ### Tools
 
 ### Contrib
+- logrotate: Move compress and ownership rules to the IntelMQ-blocks to prevent that they apply to other files (PR#2111 by Sebastian Wagner, fixes #2110).
 
 ### Known issues
 

diff --git a/NEWS.md b/NEWS.md
@@ -22,6 +22,14 @@ The field names for all data added to messages must match a pre-defined format.
 The check which ensures this, was ineffective prior to this version and is effective again starting with version 3.1.0.
 The [Data format documentation](https://intelmq.readthedocs.io/en/maintenance/dev/data-format.html#rules-for-keys) describes the required format.
 
+### Logrotate
+The packaged configuration for logrotate falsely contained options applying to other programs' log files. This caused wrong ownerships of log files.
+This issues is corrected, but the ownership of affected log files may need to be changed manually.
+To find affected files, you may use:
+```bash
+sudo find /var/log/ -user intelmq ! -path \*intelmq\*
+```
+
 ### Configuration
 
 ### Libraries

diff --git a/contrib/logrotate/intelmq b/contrib/logrotate/intelmq
@@ -1,13 +1,12 @@
-compress
-delaycompress
-create 644 intelmq intelmq
-
 /opt/intelmq/var/log/*.log {
     su intelmq intelmq
     daily
     maxsize 10M
     rotate 60
     notifempty
+    compress
+    delaycompress
+    create 644 intelmq intelmq
     sharedscripts
     postrotate
         sudo -u intelmq /usr/local/bin/intelmqctl --quiet reload
@@ -20,6 +19,9 @@ create 644 intelmq intelmq
     maxsize 10M
     rotate 60
     notifempty
+    compress
+    delaycompress
+    create 644 intelmq intelmq
     sharedscripts
     postrotate
         sudo -u intelmq /usr/local/bin/intelmqctl --quiet reload file-output

diff --git a/debian/patches/fix-logrotate-path.patch b/debian/patches/fix-logrotate-path.patch
@@ -1,21 +1,18 @@
 Description: Fix paths in logrotate configuration to obey FHS
 Author: Gernot Schulz <gernot@intevation.de>, Sebastian Wagner <wagner@cert.at>
-Last-Update: 2021-03-03
+Last-Update: 2021-09-14
 ---
 This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- a/contrib/logrotate/intelmq	2021-03-03 11:08:37.811638328 +0100
-+++ b/contrib/logrotate/intelmq	2021-03-03 11:09:27.415930805 +0100
-@@ -2,7 +2,7 @@
- delaycompress
- create 644 intelmq intelmq
-
+--- a/contrib/logrotate/intelmq
++++ b/contrib/logrotate/intelmq
+@@ -1,4 +1,4 @@
 -/opt/intelmq/var/log/*.log {
 +/var/log/intelmq/*.log {
      su intelmq intelmq
      daily
      maxsize 10M
-@@ -10,11 +10,11 @@
-     notifempty
+@@ -9,11 +9,11 @@
+     create 644 intelmq intelmq
      sharedscripts
      postrotate
 -        sudo -u intelmq /usr/local/bin/intelmqctl --quiet reload
@@ -28,8 +25,8 @@ This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
      su intelmq intelmq
      daily
      maxsize 10M
-@@ -22,6 +22,6 @@
-     notifempty
+@@ -24,6 +24,6 @@
+     create 644 intelmq intelmq
      sharedscripts
      postrotate
 -        sudo -u intelmq /usr/local/bin/intelmqctl --quiet reload file-output