Fix logrotate "Operation not permitted"

PR 75 (commit afb6346) added support for the 'su' directive of logrotate. However, when using 'su', we cannot chown to arbitrary file owners anymore, which means that unless the file has already been created with the same permissions we'll get an error. Fix this by not using chown and su together.
2019-03-31 21:22:31 +02:00 · 2019-03-31 21:22:31 +02:00 · a205fd0887
parent 34e03644fb
commit a205fd0887
2 changed files with 4 additions and 4 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -130,6 +130,8 @@ if(NOT DEFINED LOGROTATE_HAS_SU)
 endif()
 if(LOGROTATE_HAS_SU)
  set(LOGROTATE_USE_SU "\n\tsu ${ICINGA2_USER} ${ICINGA2_GROUP}")
+else()
+  set(LOGROTATE_CREATE "\n\tcreate 644 ${ICINGA2_USER} ${ICINGA2_GROUP}")
 endif()

 find_package(Boost ${BOOST_MIN_VERSION} COMPONENTS thread system program_options regex REQUIRED)
--- a/etc/logrotate.d/icinga2.cmake
+++ b/etc/logrotate.d/icinga2.cmake
@ -4,8 +4,7 @@
 	compress
 	delaycompress
 	missingok
-	notifempty
-	create 644 @ICINGA2_USER@ @ICINGA2_GROUP@
+	notifempty@LOGROTATE_CREATE@
 	postrotate
 		/bin/kill -USR1 $(cat @ICINGA2_INITRUNDIR@/icinga2.pid 2> /dev/null) 2> /dev/null || true
 	endscript
@ -17,7 +16,6 @@
 	compress
 	delaycompress
 	missingok
-	notifempty
-	create 644 @ICINGA2_USER@ @ICINGA2_GROUP@
+	notifempty@LOGROTATE_CREATE@
 	# TODO: figure out how to get Icinga to re-open this log file
 }