Bug 666677

Summary: Logrotate does not preserve ACL
Product: [Fedora] Fedora Reporter: Joerg_H <joerg.hau>
Component: logrotateAssignee: Jan Kaluža <jkaluza>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 14CC: jkaluza, tsmetana
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-01-05 11:16:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Joerg_H 2011-01-02 09:35:02 UTC 
= Description of problem:

When logrotate rotates the log files, it removes ACLs. This should not happen; ACLs should be preserved.

= Version-Release number of selected component (if applicable):

logrotate-3.7.9-1.fc14.i686
Linux 2.6.35.10-74.fc14.i686.PAE i686

= How reproducible:

Fully reproducible.

= Steps to Reproduce:
1. setfacl -m user:yourlogin:r-- /var/log/messages (grant read access)
2. getfacl /var/log/messages && ls -la /var/log/messages*
3. run logrotate (either manually, or wait for it ...)
4. repeat command from step 2 to see that ACL have been reset.
  
= Actual results:
(1) ACLs are reset, not preserved. 
(2) The pre-set ACL are transferred to the archive file (cf. output of ls -la /var/log/messages* ).

= Expected results:
(1) ACLs _must_ be preserved at least for the actual file (/var/log/messages). 
(2) ACLs _might_ be preserved for the archive files.
Comment 1 Jan Kaluža 2011-01-03 12:17:18 UTC 
Hi, I've added ACLs support in this upstream commit: https://fedorahosted.org/logrotate/changeset/299 . I will backport it to rawhide soon to test it more.

ACLs of log files created by logrotate should be preserved. Old log files (the rotated ones) should have ACLs set according to original log file. Compressed logs (.gz files) should have ACLs set according to original uncompressed log.
Comment 2 Jan Kaluža 2011-01-05 11:16:46 UTC 
I've backported mentioned patch into logrotate-3.7.9-5.fc15 in rawhide.