On Saturdayen den 20 April 2002 08.04, Vincent Danen wrote: > On Fri Apr 12, 2002 at 08:37:24AM -0400, Oden Eriksson wrote: > > [...] > > > > No msec doesn't change files/directories under /var, it only changes > > > /var itself. > > > > > > That's very strange that msec breaks qmail as I remember Vincent has > > > done tests and that was ok. Vincent ? > > > > I use: > > > > exec setuidgid qmaill multilog t /var/log/pop3d > > exec setuidgid qmaill multilog t /var/log/qmail > > exec setuidgid qmaill multilog t /var/log/smtpd > > Yes, this would do it. Take a look /usr/share/msec/perm.3, for > example. It directly changes ownership of /var/log/* to > root.root(755)... level 2 uses root.adm(755). > > The directories below /var/log, ie. /var/log/*/* are set to current > user with mode 640. This is why /var/log/pop3d would cause problems > whereas /var/log/qmail/pop3d would not. > > An exception could be (should be) made so that /var/log/qmail is set > to current perms instead of changing because root.root is still wrong > (should be qmaill.root).
Aha that's why... But I think it really should be "qmaill.nofiles", not "qmaill.root". It would be great if msec didn't change current in /var/log/* > > Where vdanen uses something like: > > > > exec setuidgid qmaill multilog t /var/log/qmail/pop3d > > exec setuidgid qmaill multilog t /var/log/qmail/qmqpd > > exec setuidgid qmaill multilog t /var/log/qmail > > exec setuidgid qmaill multilog t /var/log/qmail/smtpd > > > > At the time my problems arose, either the dir perm, or the dir content > > perm was forcly changed by msec. I can't recall exactly which one of > > these, it may even be so that both was altered... I don't really care now > > since I have started to use: > > > > exec setuidgid qmaill multilog t ./main > > So you log to /var/run/supervise/qmail-pop3d/main? Yes, actually it's "/var/service/pop3d/log/main". > Ala djbdns... =) Exactly :) This works as great as logging to /var/log since I usually never make a dedicated log partition. I just have to change in other softwares so they can find the log files..., this is better than struggling with msec. > > This way is "msec safe" :) > > > > I think I have reported about this quite some time ago. msec could have > > changed it's behaviour since then, but I don't have the time to test. -- Regards // Oden Eriksson