Run logrotate as specific user

logrotatelogs

I am using log rotate to rotate logs for a daemon I have running (A web service). The log rotate is as follows:

/var/log/deamon/error.log {
    daily
    rotate 20
    compress
    delaycompress
    missingok
    notifempty
    create 644 uwsgi uwsgi
    postrotate
            /etc/init.d/deamon stop
            /etc/init.d/deamon start
    endscript
}

The /etc/init.d/deamon stop works fine but it never starts backup. There is one of two issues: either I get a permission denied error (Probably not because I would get it for stop too). Or the startup portion is failing. I need to start the service as root because I need to set a UID and GID due to permission concerns. Even if I set the permissions to -rwxrwxrwx it gives me this error: unable to set gid to 1001 (Operation not permitted) My question is how do I set logrotate to run as a different user (i.e root) or allow rotate to set the gid.

Here is my /etc/init.d/deamon

#!/bin/bash
daemon=/venv/deamon_django18/bin/uwsgi
pid=/var/run/uwsgi/deamon.pid
args="--ini /etc/uwsgi/deamon.ini --pidfile $pid"

case "$1" in
start)
    echo "Starting uwsgi"
    start-stop-daemon -u uwsgi -g uwsgi -p $pid --start --exec $daemon -- $args
    ;;
stop)
    echo "Stopping script uwsgi"
    start-stop-daemon --signal INT -u uwsgi -g uwsgi  -p $pid --stop  $daemon -- $args
    ;;
reload)
    echo "Reloading conf"
    kill -HUP $(cat $pid)
    ;;
*)
    echo "Usage: /etc/init.d/uwsgi {start|stop|reload}"
    exit 1
;;
esac

exit 0

Best Answer

In order to use a different user with logrotate you can specify the "su" option:

/home/ubuntu/log/*.log {
  su ubuntu ubuntu
  rotate 5
  daily
  compress
  missingok
}

Related Solutions

Logrotate Issue – Open File Not Truncating

As promised, a "close enough" to ring buffer program, in a few lines of Perl.

To use it, pass it the size of the log files you want, in bytes (give or take one line), and two or more log files. It'll switch between the log files every X bytes. I'm sure there is already a program out there to do this, but I couldn't find it with a quick search. E.g.,

$ your-app | log-splitter 1048576 /var/log/your-app/log1 /var/log/your-app/log2

assuming, of course, that the file log-splitter is executable, in $PATH, and contains:

#!/usr/bin/perl
use warnings qw(all);
use strict;
use autodie;
use Carp;
use Fcntl qw(SEEK_SET);
use IO::Handle;

# yes, we truncate all logs at start. Sorry.
@ARGV >= 2 or croak "Usage: $0 log-size log-file...";
my ($max_size, @lognames) = @ARGV;
my @logs = map {
    open my $fh, '+>', $_;
    $fh->autoflush(1);
    $fh;
} @lognames;

my $current_size = $max_size;
my $current_log  = $#logs;
while (defined(my $line = <STDIN>)) {
    if ($current_size >= $max_size) {
        $current_log  = ($current_log + 1) % @logs;
        $current_size = 0;
        seek($logs[$current_log], 0, SEEK_SET);
        truncate($logs[$current_log], 0);
    }

    $current_size += length($line);
    print {$logs[$current_log]} $line;
}

close($_) foreach @logs;

To clarify any licensing questions on that code:

To the extent possible under law, Anthony DeRobertis has waived all copyright and related or neighboring rights to the above program (log-splitter). This work is published from: United States.

Logs – How Does Logrotate Work?

logrotate can be run as an ordinary user, without administrative privileges, to rotate logs for that user.

# Create a local per-user configuration file
cat >.logrotate.conf <<'X'
/home/mike/tmp/qqq.log {
    notifempty
    missingok
    size 1M
    rotate 3
}
X

# Run logrotate with that configuration file
/usr/sbin/logrotate -v -s .logrotate.state .logrotate.conf

I've removed your daily criterion because you wanted purely a size-based check, and this would have limited any possible action to just once a day (the first time each day that logrotate is run, as it happens). I've replaced create with missingok so that it's up to your actual rclone job to create the output file rather than logrotate.

Then put the logrotate command into your user's crontab file:

# Capture any existing crontab entries
crontab -l >.crontab

# Append ours to the list
echo '0 * * * * /usr/sbin/logrotate -s .logrotate.state .logrotate.conf >>.crontab.log 2>&1' >>.crontab

# Reload crontab
crontab .crontab

Using this example, output from the command will be written to .crontab.log, and you'll probably want a logrotate entry to cycle or reset it monthly.

Best Answer

Related Solutions

Logrotate Issue – Open File Not Truncating

Logs – How Does Logrotate Work?

Related Question