Updated logrotate packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
The logrotate utility simplifies the administration of multiple log files, allowing the automatic rotation, compression, removal, and mailing of log files.
- The logrotate utility always tried to set owner of the rotated log even when the owner was the same as the current owner of the log file. Conseqeuntly, the rotation failed on file systems or systems where changing the ownership was not supported. With this update, before the ownership is changed, logrotate check if it is a real ownership change; that is, logrotate verifies if the new ownership is not the same as the previous one, and skips the change if the ownership change has not been real. The logrotate utility now rotates logs as expected in this scenario.
- Setting the Access control list (ACL) on a rotated log overwrote the previously set mode of the log file. As a consequence, the "create" directive was ignored. To fix this bug, the ACL is no longer copied from the old log file when using the "create" directive and the mode defined using the "create" directive is used instead. As a result, "create" mode works as expected and it is no longer ignored in the described scenario.
- Both the acl_set_fd() and fchmod() functions were called to set the log files permissions. Consequently, there was a race condition where the log file could have unsafe permissions for a short time during its creation. With this update, only one of those functions is now called depending on directives combination used in the configuration file and race condition between the acl_set_fd() and fchmod() function is not possible in the described scenario.
- Because the inverse umask value 0000 was used when creating a new log file, the newly created log file could have unwanted 0600 permissions for a short time before the permissions were set to the proper value using the fchmod() function. With this update, umask is set to 0777 and the newly created log file has proper 0000 permissions for this short period.
- The default SELinux context was set after the compressed log file had been created. Consequently, the compressed log did not have the proper SELinux context. With this update, the default SELinux context is now set before the compressed log file creation and compressed log files have proper SELinux context.
- Temporary files created by the logrotate utility were not removed if an error occurred during its use. With this update, temporary files are now removed in such a case.
Users of logrotate are advised to upgrade to these updated packages, which fix these bugs.