Re: solved (was: strange file permission problem)
On Thursday 26 December 2002 17:44, Tzafrir Cohen wrote: > But how are those permissions set to the files? > > Isn't it by a daily cron job ("msec")? Yes, but it's an hourly CRON job on my MDK 9.0 box. And that's apparently the default - I didn't make any changes to system jobs after installing. -- Shlomo Solomon http://come.to/shlomo.solomon Sent by KMail (KDE 3.0.3) on LINUX Mandrake 9.0 To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: solved (was: strange file permission problem)
On Thu, 26 Dec 2002, shlomo solomon wrote: > For anyone who doesn't remember this thread of a few days ago, I had some log > files whose permissions were being randomly changed to 600 (after I set them > to 644). Ths was happening several times a day. > > OK - there's a new application in the Mandrake 9.0 Control Panel called > drakperm. It handles permissions on groups of files and /var/log/* was set to > 600. I found that you can set user defined rules to over-ride whatever you > need to, so I added a rule to set /var/log/mylogs/* to 644 and I haven't had > any problems for a few days now. > > I didn't find any documentation for this on GOOGLE or any of the Mandrake > sites - MandrakeUser or MandakeExpert. There is only a screen shot of the > application on the main Mandrake site. But how are those permissions set to the files? Isn't it by a daily cron job ("msec")? -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://www.technion.ac.il/~tzafrir = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
solved (was: strange file permission problem)
For anyone who doesn't remember this thread of a few days ago, I had some log files whose permissions were being randomly changed to 600 (after I set them to 644). Ths was happening several times a day. OK - there's a new application in the Mandrake 9.0 Control Panel called drakperm. It handles permissions on groups of files and /var/log/* was set to 600. I found that you can set user defined rules to over-ride whatever you need to, so I added a rule to set /var/log/mylogs/* to 644 and I haven't had any problems for a few days now. I didn't find any documentation for this on GOOGLE or any of the Mandrake sites - MandrakeUser or MandakeExpert. There is only a screen shot of the application on the main Mandrake site. FWIW -- Shlomo Solomon http://come.to/shlomo.solomon Sent by KMail (KDE 3.0.3) on LINUX Mandrake 9.0 To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: strange file permission problem
On Saturday 21 December 2002 21:56, Tzafrir Cohen wrote: > logger is indeed such a quick-and-dirty tool... I'll try it - but aside from my curiosity about what's causing this, it's not a high priority item (at least until I finish lots of other things I want to fix on my system), since as I wrote at the beginnng of this thread, a cron job to **fix** the permissions regularly solves the problem. > logrotate runs daily, not weekly, BTW. I do know that. What I wrote was that: 1 - this particular log is rotated weekly 2 - the permission change occurs randomly - sometimes more than once a day For those two reasons, I came to the conclusion that logrotate is not the cause. > Maybe the script that runs the relevant service does some chmods? I recall > that Mandrake's /etc/init.d/httpd use to do such unpredicatable stuff. If you mean the script that checks the ADSL, the answer is no. It's something really simple I wrote myself. Basicly, it pings my provider and if he's **dead** calls another script to kill pptp and restart it again + appropriate messages to the log, which as you already know is not really an **official** log - just a text file I created. -- Shlomo Solomon http://come.to/shlomo.solomon Sent by KMail (KDE 3.0.3) on LINUX Mandrake 9.0 To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: strange file permission problem
On Sat, 21 Dec 2002, shlomo solomon wrote: > On Saturday 21 December 2002 05:32, Xavier Gentoo wrote: > > > My guess would be that you shouldn't be logging into a separate logfile at > > all. See logger(1). > I don't think that's relevant. As I understand it, logger allows writing to > syslog which isnot what I want. My script checks if ADSL is up and if not > writes to a text file so that any user can check this small file and not have > to search throuh a large syslog. I know there must be lots of tools to do > this more elegantly, but I was looking for a **quick and dirty** solution. > And, aside from the permission problem, which as I already wrote, I found a > way around, it works fine. > logger is indeed such a quick-and-dirty tool... For future reference: 1. add to syslog.conf: user.debug -/var/log/mylogs/mylog (the '-' is to prevent immediate sync, useful if you assume your system won't crash immediately, and increases the system's performance if the program is verbose) Then you can log messages with: logger "a message" or: logger -p user.debug "another message" You get the time-stamps for free. "user" is the name of a syslog facility. "debug" is the name of the lowest log level. You can have separate logs for different log levels, or one log for all the "user" messages, and one log for just the debug messages. FMs: logger(1) on how to use logger. Quite short. syslog.conf(5) on the config file of the standard syslog daemon > > > > Either way I bet the culprit here is indeed logrotate. > I still don't agree, because as I wrote before, the change in permission > occurs at **seemingly** random intervals (not when logrotate runs) and also > changes permission of all the files in the /var/log/mylogs directory. logrotate runs daily, not weekly, BTW. Maybe the script that runs the relevant service does some chmods? I recall that Mandrake's /etc/init.d/httpd use to do such unpredicatable stuff. -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://www.technion.ac.il/~tzafrir = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: strange file permission problem
On Saturday 21 December 2002 05:32, Xavier Gentoo wrote: > My guess would be that you shouldn't be logging into a separate logfile at > all. See logger(1). I don't think that's relevant. As I understand it, logger allows writing to syslog which is not what I want. My script checks if ADSL is up and if not writes to a text file so that any user can check this small file and not have to search throuh a large syslog. I know there must be lots of tools to do this more elegantly, but I was looking for a **quick and dirty** solution. And, aside from the permission problem, which as I already wrote, I found a way around, it works fine. > > Either way I bet the culprit here is indeed logrotate. I still don't agree, because as I wrote before, the change in permission occurs at **seemingly** random intervals (not when logrotate runs) and also changes permission of all the files in the /var/log/mylogs directory. -- Shlomo Solomon http://come.to/shlomo.solomon Sent by KMail (KDE 3.0.3) on LINUX Mandrake 9.0 To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: strange file permission problem
On Thursday 19 December 2002 18:19, shlomo solomon wrote: > I have a strange problem. Actually, I've solved it, but I don't like the > solution and I don't like not knowing what's causing it. So maybe someone > can help. > > I have a script to keep my ADSL connection up. When the script discovers a > problem, it writes a line to a log called /var/log/mylogs/adsl-down.log. > Since I wanted this log to be accessable by all users, I set permission to > 644. The owner and group are both root. Only a cron job run every 2 minutes > writes to the log (if it finds a problem). > > The problem is that every so often (I don't know when it happens), the > permission becomes 600 and non-root users can no longer read the file. > There are also some gz files in the /var/log/mylogs directory (created by > logrotate). The same thing happens to their permissions too. > > My solution was simple - run a cron job to reset the permissions for all > files in the directory to 644. But, although that works, it seems strange > that **something** is changing the permissions back to 600. > My guess would be that you shouldn't be logging into a separate logfile at all. See logger(1). Either way I bet the culprit here is indeed logrotate. > Any ideas? - TIA -- "I'm not saying there should be a capital punishment for stupidity, but why don't we just take the safety labels off of everything and let the problem solve itself?" = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: strange file permission problem
On Thu, 19 Dec 2002, Arie Folger wrote: > On Thursday 19 December 2002 11:19, shlomo solomon wrote: > > I have a strange problem. Actually, I've solved it, but I don't like the > > solution and I don't like not knowing what's causing it. So maybe someone > > can help. > > > The problem is that every so often (I don't know when it happens), the > > permission becomes 600 and non-root users can no longer read the file. > > There are also some gz files in the /var/log/mylogs directory (created by > > logrotate). The same thing happens to their permissions too. > > > > My solution was simple - run a cron job to reset the permissions for all > > files in the directory to 644. But, although that works, it seems strange > > that **something** is changing the permissions back to 600. > > PAM does that. Read the various settings under /etc/pam.d I had a similar > problem with certain device files, until I discovered that the settings were > reset (as part of devfs, IIRC) and would best be set using pam.d settings. pam changes permissions for device files - NOT for log files - at least not the way it is ocnfigured on redhat systems - and it has no reason to touch any permissions related to log files at all. it messes with device files, in order to allow the user that logged on via the console, to gain access to certain 'console-based' hardware (e.g. sound device via /etc/dsp). -- guy "For world domination - press 1, or dial 0, and please hold, for the creator." -- nob o. dy = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: strange file permission problem
On Thursday 19 December 2002 11:19, shlomo solomon wrote: > I have a strange problem. Actually, I've solved it, but I don't like the > solution and I don't like not knowing what's causing it. So maybe someone > can help. > The problem is that every so often (I don't know when it happens), the > permission becomes 600 and non-root users can no longer read the file. > There are also some gz files in the /var/log/mylogs directory (created by > logrotate). The same thing happens to their permissions too. > > My solution was simple - run a cron job to reset the permissions for all > files in the directory to 644. But, although that works, it seems strange > that **something** is changing the permissions back to 600. PAM does that. Read the various settings under /etc/pam.d I had a similar problem with certain device files, until I discovered that the settings were reset (as part of devfs, IIRC) and would best be set using pam.d settings. Oh, the documentation is not for the faint of heart, but once you can pinpoint a troublesome line and RTFM, I am sure some list members will gladly help you out.;-) Arie -- It is absurd to seek to give an account of the matter to a man who cannot himself give an account of anything; for insofar as he is already like this, such a man is no better than a vegetable. -- Book IV of Aristotle's Metaphysics = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: strange file permission problem
On Thursday 19 December 2002 18:41, Gilad Ben-Yossef wrote: > I bet that logrotate is the one to blame for this. It simply creates the > files with it's default permissions. Check logrotate config file for the > dirty details. I already thought of that, but eliminated the possibility because this particular log is rotated weekly and the problem occurs randomly - sometimes more than once a day. > If you can't find out what does it download Muli's syscall-tracker from > syscalltrack.sf.net, install it and put a logging rule on all open() and > chmod() syscalls on the system. This should tell you what does this ;-) I'll try that - thanks for the idea. -- Shlomo Solomon http://come.to/shlomo.solomon Sent by KMail (KDE 3.0.3) on LINUX Mandrake 9.0 To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: strange file permission problem
On Thu, 2002-12-19 at 18:19, shlomo solomon wrote: > > The problem is that every so often (I don't know when it happens), the > permission becomes 600 and non-root users can no longer read the file. There > are also some gz files in the /var/log/mylogs directory (created by > logrotate). The same thing happens to their permissions too. I bet that logrotate is the one to blame for this. It simply creates the files with it's default permissions. Check logrotate config file for the dirty details. > > My solution was simple - run a cron job to reset the permissions for all files > in the directory to 644. But, although that works, it seems strange that > **something** is changing the permissions back to 600. > > Any ideas? - TIA If you can't find out what does it download Muli's syscall-tracker from syscalltrack.sf.net, install it and put a logging rule on all open() and chmod() syscalls on the system. This should tell you what does this ;-) Gilad. -- Gilad Ben-Yossef <[EMAIL PROTECTED]> http://benyossef.com Q: "What do you do if your Linux box goes down?" A: "Sit around in the dark until the power comes back on" = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: strange file permission problem
Hypothesis: When logrotate rotates away log files, your cron job has to create a new log file. This new log file apparently gets the default (for root cron jobs) permission of 600. A solution: have your cron job change the permission of your log file each time it writes; or before writing it is to check if the logfile exists. If the logfile didn't exist prior to this cron job run, then after writing (creating) the logfile, change its permission to 644. --- Omer WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html On Thu, 19 Dec 2002, shlomo solomon wrote: > The problem is that every so often (I don't know when it happens), the > permission becomes 600 and non-root users can no longer read the file. There > are also some gz files in the /var/log/mylogs directory (created by > logrotate). The same thing happens to their permissions too. > > My solution was simple - run a cron job to reset the permissions for all files > in the directory to 644. But, although that works, it seems strange that > **something** is changing the permissions back to 600. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
strange file permission problem
I have a strange problem. Actually, I've solved it, but I don't like the solution and I don't like not knowing what's causing it. So maybe someone can help. I have a script to keep my ADSL connection up. When the script discovers a problem, it writes a line to a log called /var/log/mylogs/adsl-down.log. Since I wanted this log to be accessable by all users, I set permission to 644. The owner and group are both root. Only a cron job run every 2 minutes writes to the log (if it finds a problem). The problem is that every so often (I don't know when it happens), the permission becomes 600 and non-root users can no longer read the file. There are also some gz files in the /var/log/mylogs directory (created by logrotate). The same thing happens to their permissions too. My solution was simple - run a cron job to reset the permissions for all files in the directory to 644. But, although that works, it seems strange that **something** is changing the permissions back to 600. Any ideas? - TIA -- Shlomo Solomon http://come.to/shlomo.solomon Sent by KMail (KDE 3.0.3) on LINUX Mandrake 9.0 To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]