Re: Postgresql apt repo logrotate issue

Re: аЛинукс 2013-10-26 <1382750681.8403.7.camel@nick-laptop>
> First of all: THANK YOU for your work and time!
> The world really needs such a great engine as PostreSQL!

Thanks :)

> I'm trying to use your PG apt repo on the recent non-LTS Ubuntu-13.10
> And just as the FAQ says:
> https://wiki.postgresql.org/wiki/Apt/FAQ#I_am_using_a_non-LTS_release_of_Ubuntu
>
> I've hit the "logrotate" issue.
> Several minutes of investigations showed that the the breaking thing
> from postgres is
> just writable permissions for group on /var/log/postgres/ dir...
>
> # ll -d /var/log/postgresql
> drwxrwxr-t 2 root postgres 4096 Oct 26 04:14 /var/log/postgresql/
>
> So, logratote sees a huge security issue here and doesn't start. That's
> its problems.
>
> But I can't believe that you preferred to add "Breaks: logrotate >=3.8"
> to the package
> instead of just
> chown postgres:postgres /var/log/postgresql
> chmod 755 /var/log/postgresql
>
> I did that - and logrotate was happy.
>
> What's the problem guys? Why did you decide to break logrotate?
> Possible, I'm missing anything bigger?

The problem with that approach is that it removes the g+w bit on
/var/log/postgresql/. There are other programs besides PostgreSQL that
write to that directory (pgbouncer, pgpool, ...?), though all are
running with the "postgres" user.

> So, I decided to write to you as FAQ says:
> "We are looking into providing a nicer solution for this problem."
>
> Isn't chown+chmod a fix of the issue?

Maybe.

@List: what do you think?

Christoph
--
cb@df7cb.de | http://www.df7cb.de/