From 9bf7cb0b7415857a4ee73676f986012a419a17b8 Mon Sep 17 00:00:00 2001 From: Donatas Abraitis Date: Tue, 19 Apr 2022 14:53:55 +0300 Subject: packaging: Set default permissions for /var/log/frr to 0755 At the moment we set /var/log/frr permissions to 0750 (frr:frr), but the log file is 0640 (root:adm) (unless logrotated) and that doesn't allow adm group to even open the directory. Signed-off-by: Donatas Abraitis --- debian/frr.postinst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'debian') diff --git a/debian/frr.postinst b/debian/frr.postinst index 505ff8eaf8..4e23cd3cec 100644 --- a/debian/frr.postinst +++ b/debian/frr.postinst @@ -16,7 +16,7 @@ adduser \ frr usermod -a -G frrvty frr -mkdir -p /var/log/frr +mkdir -m 0755 -p /var/log/frr mkdir -p /etc/frr -- cgit v1.2.3 From b5b09eee6df283c120f9db459a61c9cc4828f59d Mon Sep 17 00:00:00 2001 From: Donatas Abraitis Date: Tue, 19 Apr 2022 16:45:03 +0300 Subject: packaging: Use 0640 (frr:frr) as permissions when running under logrotate When we do "log file /var/log/frr/something", permissions are set to 0640 (frr:frr), but when the logrotate kicks in, we have 0640 (frr:frrvty). I believe, we should have a consistent permissions. Signed-off-by: Donatas Abraitis --- debian/frr.logrotate | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'debian') diff --git a/debian/frr.logrotate b/debian/frr.logrotate index a56a908bdf..a5af25f034 100644 --- a/debian/frr.logrotate +++ b/debian/frr.logrotate @@ -4,7 +4,7 @@ missingok compress rotate 14 - create 640 frr frrvty + create 0640 frr frr postrotate pid=$(lsof -t -a -c /syslog/ /var/log/frr/* 2>/dev/null) -- cgit v1.2.3