235205 – mail-filter/dspam logrotate sets 644 instead of 660

Bug 235205 - mail-filter/dspam logrotate sets 644 instead of 660

Summary: mail-filter/dspam logrotate sets 644 instead of 660

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Server (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Net-Mail Packages

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2008-08-19 17:23 UTC by Robert Buchholz (RETIRED)
Modified:	2008-08-20 06:06 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2008-08-19 17:23:17 UTC

The dspam ebuilds sets 770 chmod on the /var/log/dspam directory, so errors can be logged even if users invoke the setgid dspam binary:
       diropts -m0770 -o dspam -g dspam
       dodir "${DSPAM_LOGDIR}"

dspam itself then also creates 660 'dspam.log' files. However, if the default logrotate script is used, the empty dspam.log files that are created are 664. This will disable logging for non-dspam users, and allows reading for others (why?).

I propose the logrotate file to read:
...
        create 0660 dspam dspam
...

Comment 1 Alin Năstac (RETIRED) gentoo-dev

2008-08-20 06:06:24 UTC

Actually copytruncate is the right way of doing it.

Fixed in dspam-3.8.0-r13.