logrotate failing to rotate, permission denied as root user
Turns out this was an SELinux issue: the file context was not one that logrotate had access to, so it was repeatedly getting denied access.
See here for this answer: SELinux fcontext
Author: Erich
Updated on September 18, 2022

Comments
Erich over 1 year
I'm having a problem that I cannot wrap my head around. I've set up logrotate on a CentOS 7 server to rotate my app logs.
This file is in /etc/cron.daily (I even added a whoami to verify it's running as root):
    #!/bin/sh
    whoami
    /usr/sbin/logrotate -v /etc/logrotate.d/myapp
    EXITVALUE=$?
    if [ $EXITVALUE != 0 ]; then
        /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
    fi
    exit 0
This executes my logrotate config ...
    "/opt/myapp/log/*.log" {
        daily
        create 644 root root
        rotate 5
        size 20M
        copytruncate
        missingok
        notifempty
        compress
    }
Here is my log directory...
    [root@server log]# ls -la
    total 97684
    drwxr-xr-x. 3 root root      4096 Sep 28 12:41 .
    drwxr-xr-x. 5 root root      4096 Sep 27 20:57 ..
    -rw-r--r--. 1 root root 100015457 Sep 28 12:36 myapp.log
Every time we run it manually as root, it rotates the log... but when we run it through cron, it fails. Here is the mail it sends...
    From root@server Thu Sep 28 12:30:02 2017
    Return-Path: <root@server>
    X-Original-To: root
    Delivered-To: root@server
    Received: by server (Postfix, from userid 0)
        id 9C82B419; Thu, 28 Sep 2017 12:30:02 -0500 (CDT)
    From: "(Cron Daemon)" <root@server>
    To: root@server
    Subject: Cron <root@server> run-parts /etc/cron.daily
    Content-Type: text/plain; charset=UTF-8
    Auto-Submitted: auto-generated
    Precedence: bulk
    X-Cron-Env: <XDG_SESSION_ID=10746>
    X-Cron-Env: <XDG_RUNTIME_DIR=/run/user/0>
    X-Cron-Env: <LANG=en_US.UTF-8>
    X-Cron-Env: <SHELL=/bin/bash>
    X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin>
    X-Cron-Env: <MAILTO=root>
    X-Cron-Env: <HOME=/root>
    X-Cron-Env: <LOGNAME=root>
    X-Cron-Env: <USER=root>
    Message-Id: <20170928173002.9C82B419@server>
    Date: Thu, 28 Sep 2017 12:30:01 -0500 (CDT)

    /etc/cron.daily/myapp:

    root <<<<<<<<< whoami output
    reading config file /etc/logrotate.d/myapp
    Handling 1 logs
    rotating pattern: /opt/myapp/log/*.log 20971520 bytes (5 rotations)
    empty log files are not rotated, old logs are removed
    considering log /opt/myapp/log/myapp.log
    log needs rotating
    rotating log /opt/myapp/log/myapp.log, log->rotateCount is 5
    error: error opening /opt/myapp/log/myapp.log: Permission denied
    set default create context
Anyone ever encounter this or have any ideas what could be causing this?
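
The SELinux diagnosis given in the answer at the top of the page, as an added example that is not part of the original post: it summarizes AVC denials for logrotate from audit log lines and prints the fcontext commands for the log directory. The audit lines are constructed, the function names are hypothetical, and `var_log_t` is an assumed target type for the application's logs.

```shell
#!/bin/sh
# Constructed sample of /var/log/audit/audit.log lines (not from the original post).
# On a live host the same lines come from: ausearch -m avc -c logrotate
SAMPLE_AUDIT='type=AVC msg=audit(1506619802.101:811): avc:  denied  { read } for  pid=2201 comm="logrotate" name="myapp.log" dev="dm-0" ino=393301 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
type=SYSCALL msg=audit(1506619802.101:811): arch=c000003e syscall=2 success=no exit=-13 comm="logrotate" exe="/usr/sbin/logrotate"
type=AVC msg=audit(1506619950.440:820): avc:  denied  { name_connect } for  pid=1410 comm="httpd" dest=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1506706202.090:940): avc:  denied  { read } for  pid=3310 comm="logrotate" name="myapp.log" dev="dm-0" ino=393301 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file'

# Read audit lines on stdin; print one "perms name target_type tclass" line
# per distinct denial where the denied process is logrotate.
logrotate_denials() {
  awk '
    /^type=AVC/ && /denied/ && /comm="logrotate"/ {
      perm = name = ttype = tclass = "?"
      if (match($0, /[{] [^}]* [}]/)) {
        perm = substr($0, RSTART + 2, RLENGTH - 4)
        gsub(/ /, ",", perm)            # "{ read open }" -> "read,open"
      }
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^(name|path)=/) { name = $i; sub(/^[a-z]+=/, "", name); gsub(/"/, "", name) }
        if ($i ~ /^tcontext=/)    { split($i, c, ":"); ttype = c[3] }   # user:role:TYPE:level
        if ($i ~ /^tclass=/)      { tclass = substr($i, 8) }
      }
      key = perm " " name " " ttype " " tclass
      if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Print (do not run) the commands that persistently relabel a log directory.
# $1 = directory, $2 = target type (assumption: var_log_t suits these logs).
fcontext_fix() {
  dir=${1%/}
  type=${2:-var_log_t}
  printf 'semanage fcontext -a -t %s "%s(/.*)?"\n' "$type" "$dir"
  printf 'restorecon -Rv %s\n' "$dir"
}

printf '%s\n' "$SAMPLE_AUDIT" | logrotate_denials   # read myapp.log usr_t file
fcontext_fix /opt/myapp/log
```

Comparing `ls -Z /opt/myapp/log` before and after the relabel confirms that the type on the log files has changed.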