logrotate(8) and copytruncate as default

Jan Kalu┼ża jkaluza at redhat.com
Thu Jun 27 12:29:02 UTC 2013


On 06/27/2013 01:54 PM, P J P wrote:
>     Hi,
>
> Recently I've seen multiple issues related to new file creation by logrotate(8).
> A race condition described by [1], between creation of a new file and setting
> file permissions and acl(5).  Another I came across in ndjbdns [2], as it continued
> to write to an open, but rotated log file.

Hi,

This is usually fixed by sending some signal to daemon in postscript 
informing it that logs should be reopened. That way, no messages are 
lost. The worst thing which can happen is that some messages get logged 
in the rotated file for short time (after rename is done by logrotate 
and before daemon reopens the new log).

>
> Wouldn't it be better to make 'copytruncate' as default behaviour for logrotate(8)?
> Instead of renaming an old file and creating a new one.
> [1] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1098
> [2] https://github.com/pjps/ndjbdns/commit/be5fd0c90376b5c89e5b5dc3d57f64d905afe519

If you use copytruncate, there is chance that some messages get lost (as 
stated in man logrotate). Making it default could surely make things 
much easier and less error-prone, but I'm afraid we just can't remove 
old behaviour completely right now and therefore it wouldn't save 
anything regarding the problems you have mentioned.

I'm not sure right now if the benefits of the "copytruncate" usage are 
strong enough in comparison with the possibility to lost the messages 
during rotation.

I will definitely try it and see how bad it is, but I presume for bigger 
logs it could be a problem.

Maybe it's just better to try to fix existing bugs and not abandon the 
"rename and reopen" way completely?

>
>
> Thank you.
>
> ---
> Regards
>     -Prasad
> http://feedmug.com
>

Regards,
Jan Kaluza



More information about the devel mailing list