Red Hat Bugzilla – Bug 485553
logrotate breaks permission on /var/log/btmp
Last modified: 2013-04-12 16:05:55 EDT
Description of problem:
Bug 156900 fixed a permission problem with /var/log/btmp which caused sshd to
complain "Excess permission or bad ownership on file /var/log/btmp"
Unfortunately logrotate restores the bad permission if/when it rotates the log
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. allow /var/log/btmp to grow old and big enough to be rotated
2. run logrotate
permissions of /var/log/btmp change from 0600 to 0664
permissions of /var/log/btmp remain 0600
Created attachment 345312 [details]
a patch: config file entry for btmp
the logrotate config file entry for btmp should contain "create 0600 root utmp"
it seems there's no btmp entry in the package's default config file at all, so I can add it with this line included
Looks okay imho. But is there a way to read from a rotated btmp? I mean, it is binary ...
"But is there a way to read from a rotated btmp?"
lastb -f filename
Whoops, sorry. Well, them I'm also for including btmp in the rotates as well. Above mentioned patch should be fine imho
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Please be sure to add a btmp entry into logrotate.conf. On modern networks, the btmp files gets to over a GB in size within a year. It totally hosed our rsync backup with hardlinks solution. Because it changes every day due to the ssh probes, rsync has to replay the entire file taking up lots of disk space for one pretty useless file that needs no more then a month of logs.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
*** Bug 700536 has been marked as a duplicate of this bug. ***