[Logcheck-devel] Problem running logcheck: permissions?

Ross Boylan ross at biostat.ucsf.edu
Fri Jun 25 17:36:01 UTC 2004


On Fri, 2004-06-25 at 00:27, Todd Troxell wrote:
> Thanks, Ross.  This is an interesting problem.
> 
> Yes, this file should look like:
> -rw-r--r--    1 root     logcheck     1931 2004-06-10 04:20
> /etc/logcheck/logcheck.conf
Thanks for the info.  I have reset the ownerships to match (except for
write; see below).

> 
> We set permissions conditionally on upgrade from anything less than 1.2.19,
> so I'm a bit confused as to how it didn't get changed.  I don't think
> refusing the new config matters so much, becuase we chgrp -R everything in
> /etc/logcheck in postinst. -- Perhaps I'm wrong.
> 
> Do you happen to know what version you were running previously?
> 
>From the install log:
Preparing to replace logcheck 1.2.20a (using
.../logcheck_1.2.22a_all.deb) ...

I suspect the problem is that I am maintaining the file under rcs, run
from a root emacs.  Don't you think that combination would be sufficient
to blow away any changes in ownership or permission you do?

Another point is that there is no write permission at all on the file
most of the time, because rcs has it locked.  For example, after my
latest tweaks to ownership/permission I see
-r--r--r--    1 root     logcheck     1936 Jun 23 13:36
/etc/logcheck/logcheck.conf

Typically I maintain files locked and go through this procedure:
1. package upgrade
2. say N to replace existing config files
3. run emacs as root
4. from within emacs, do an rcs co of the config file.
5. from within emacs, do an ediff of the config file and the dpkg.new
version, merging in changes as I see fit.
6. from within emacs, rcs ci of the new version of the config file
7. delete the .dpkg.new file.


> Thanks,
> -Todd
> 
> On Wed, Jun 23, 2004 at 02:13:19PM -0700, Ross Boylan wrote:
> > I'm letting you know about this problem just in case it is a bug.  I
> > don't think it is, so I didn't want to file a bug.
> > 
> > After installing logcheck and editing the logcheck.conf file, I got the
> > following error emailed to me:
> > /usr/sbin/logcheck: line 421: /etc/logcheck/logcheck.conf: Permission
> > denied
> > mail: You must specify direct recipients with -s, -c, or -b
> > (I guess conceivably that's two separate problems).
> > 
> > Here's what I think the problem was, and the solution:
> > 
> > iron:~# ls -l /etc/logcheck/logcheck.conf
> > -r--r-----    1 root     root         1936 Jun 23 13:36
> > /etc/logcheck/logcheck.conf
> > iron:~# chown logcheck:logcheck !$
> > chown logcheck:logcheck /etc/logcheck/logcheck.conf
> > iron:~# ls -l /etc/logcheck/logcheck.conf
> > -r--r-----    1 logcheck logcheck     1936 Jun 23 13:36
> > /etc/logcheck/logcheck.conf
> > 
> > I think you meant to make the file owned by logcheck, but I screwed it
> > up because of the following sequence:
> > Said no to accepting the new logcheck.conf.
> > My old file was under rcs.
> > As root, merged in changes from logcheck.conf.dpkg.new and deleted the
> > latter.
> > 
> > In other words, I think the problem was just from this slightly off-beat
> > use of version control.  But I thought I'd let you know.
> > 
-- 
Ross Boylan                                      wk:  (415) 502-4031
530 Parnassus Avenue (Library) rm 115-4          ross at biostat.ucsf.edu
Dept of Epidemiology and Biostatistics           fax: (415) 476-9856
University of California, San Francisco
San Francisco, CA 94143-0840                     hm:  (415) 550-1062





More information about the Logcheck-devel mailing list