Actually, doing what logrotate suggests causes other problems. We don't have this problem on any other system so I am keen to understand the root of the issue rather than start messing around with the default permissions of the log directories. logrotate only matches /var/log/nginx/*log - /var/log/nginx/access.log & /var/log/nginx/error.log On the server where we have problems we have /var/log/nginx/subdirectory/some.other.log On 24 September 2015 at 09:34, Jo Rhett <jrhett at netconsonance.com> wrote:> On Sep 24, 2015, at 12:18 AM, Andrew Holway <andrew.holway at gmail.com> > wrote: > > error: skipping "/var/log/nginx/access.log" because parent directory has > > insecure permissions (It's world writable or writable by group which is > not > > "root") Set "su" directive in config file to tell logrotate which > > user/group should be used for rotation. > > Right there ^^^ it is telling you what is wrong and how to fix it. > > -- > Jo Rhett > Net Consonance : net philanthropy to improve open source and internet > projects. > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >
Hmm, so it seems that logrotate might be broken for nginx on Centos7. I filed a bug with epel. https://bugzilla.redhat.com/show_bug.cgi?id=1266105 On 24 September 2015 at 11:49, Andrew Holway <andrew.holway at gmail.com> wrote:> Actually, doing what logrotate suggests causes other problems. We don't > have this problem on any other system so I am keen to understand the root > of the issue rather than start messing around with the default permissions > of the log directories. > > logrotate only matches /var/log/nginx/*log - /var/log/nginx/access.log & > /var/log/nginx/error.log > > On the server where we have problems we have > /var/log/nginx/subdirectory/some.other.log > > > > On 24 September 2015 at 09:34, Jo Rhett <jrhett at netconsonance.com> wrote: > >> On Sep 24, 2015, at 12:18 AM, Andrew Holway <andrew.holway at gmail.com> >> wrote: >> > error: skipping "/var/log/nginx/access.log" because parent directory has >> > insecure permissions (It's world writable or writable by group which is >> not >> > "root") Set "su" directive in config file to tell logrotate which >> > user/group should be used for rotation. >> >> Right there ^^^ it is telling you what is wrong and how to fix it. >> >> -- >> Jo Rhett >> Net Consonance : net philanthropy to improve open source and internet >> projects. >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > >
It?s interesting in your world, where ?broken? is ?functions exactly as it is documented to work? If you want it to match subdirectories then you should add to the logrotate, or add another one yourself for each subdirectory. It?s not hard, and it?s certainly not broken. It does what you tell it to do. On Sep 24, 2015, at 6:33 AM, Andrew Holway <andrew.holway at gmail.com> wrote:> Hmm, so it seems that logrotate might be broken for nginx on Centos7. I > filed a bug with epel. > > https://bugzilla.redhat.com/show_bug.cgi?id=1266105 > > On 24 September 2015 at 11:49, Andrew Holway <andrew.holway at gmail.com> > wrote: > >> Actually, doing what logrotate suggests causes other problems. We don't >> have this problem on any other system so I am keen to understand the root >> of the issue rather than start messing around with the default permissions >> of the log directories. >> >> logrotate only matches /var/log/nginx/*log - /var/log/nginx/access.log & >> /var/log/nginx/error.log >> >> On the server where we have problems we have >> /var/log/nginx/subdirectory/some.other.log >> >> >> >> On 24 September 2015 at 09:34, Jo Rhett <jrhett at netconsonance.com> wrote: >> >>> On Sep 24, 2015, at 12:18 AM, Andrew Holway <andrew.holway at gmail.com> >>> wrote: >>>> error: skipping "/var/log/nginx/access.log" because parent directory has >>>> insecure permissions (It's world writable or writable by group which is >>> not >>>> "root") Set "su" directive in config file to tell logrotate which >>>> user/group should be used for rotation. >>> >>> Right there ^^^ it is telling you what is wrong and how to fix it. >>> >>> -- >>> Jo Rhett >>> Net Consonance : net philanthropy to improve open source and internet >>> projects. >>> >>> _______________________________________________ >>> CentOS mailing list >>> CentOS at centos.org >>> https://lists.centos.org/mailman/listinfo/centos >>> >> >> > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos-- Jo Rhett Net Consonance : net philanthropy to improve open source and internet projects.