Description of problem: Bug 156900 fixed a permission problem with /var/log/btmp which caused sshd to complain "Excess permission or bad ownership on file /var/log/btmp" Unfortunately logrotate restores the bad permission if/when it rotates the log Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. allow /var/log/btmp to grow old and big enough to be rotated 2. run logrotate Actual results: permissions of /var/log/btmp change from 0600 to 0664 Expected results: permissions of /var/log/btmp remain 0600 Additional info:
Created attachment 345312 [details] a patch: config file entry for btmp the logrotate config file entry for btmp should contain "create 0600 root utmp" it seems there's no btmp entry in the package's default config file at all, so I can add it with this line included
Looks okay imho. But is there a way to read from a rotated btmp? I mean, it is binary ...
"But is there a way to read from a rotated btmp?" Yes : lastb -f filename
Whoops, sorry. Well, them I'm also for including btmp in the rotates as well. Above mentioned patch should be fine imho
This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?".
Please be sure to add a btmp entry into logrotate.conf. On modern networks, the btmp files gets to over a GB in size within a year. It totally hosed our rsync backup with hardlinks solution. Because it changes every day due to the ssh probes, rsync has to replay the entire file taking up lots of disk space for one pretty useless file that needs no more then a month of logs.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0816.html
*** Bug 700536 has been marked as a duplicate of this bug. ***