08-15-2019
We also use logrotate, and this runs as a privileged user (for example root), as it does on most Linux systems I am currently using.
In other words, we do not use sudo to run logrotate because root kick off this process when it runs (I assume, but have not really looked deeply into it), and so it had permissions to chmod, chown, etc. on the archived log files.
10 More Discussions You Might Find Interesting
1. Linux
Hi,
I have edited 'sudoers' file to allow 'cads' user shutdown the system without providing a password.
Can someone tell me what's wrong with my file?
It's not working when I 'sudo SHUTDOWN' command:
sudo: SHUTDOWN: command not found
Thanks a lot!
# Host alias specification... (4 Replies)
Discussion started by: whatisthis
4 Replies
2. Solaris
root@dervish # cat /etc/sudoers
cat: cannot open /etc/sudoers
This is what I get when I try to search for the sudoers files. I want to create a user by name jda and assign him root privileges. How can I do that using sudo command and editing sudoers file.
Please help me. (12 Replies)
Discussion started by: bharu_sri
12 Replies
3. UNIX for Advanced & Expert Users
I'm stuck with a dilemma. I am trying to control userid's access to the su command in such a way that he will not be able to su to root (su, su -, su root, su - root) but he will be able to su to any other user. I have tried the following syntax:
userid ALL=/usr/bin/su ?*, !/usr/bin/su *root*... (2 Replies)
Discussion started by: chuckuykendall
2 Replies
4. UNIX for Advanced & Expert Users
i have defined a rule in the sudoers file so a specific user is able to run some commands as sudo with no password.
my question is: is it possible to restrict a user to run commands as sudo only in a certain directory? for example: chown only the files that are located in /var/tmp.
Thank you.
... (2 Replies)
Discussion started by: noam128
2 Replies
5. UNIX for Dummies Questions & Answers
how to take backup of a file , tell command and syntax (1 Reply)
Discussion started by: sunilamarnadh
1 Replies
6. Cybersecurity
Hi all,
I'm trying to setup my sudoer file at work to have the right security, but I'm not able to refine to the level I want.
Here's what I would like to have:
=> OS Users
- John (group staff)
- Bob (group staff)
- app20adm (group app20grp)
- app70adm (group app70grp)
- sys20adm... (0 Replies)
Discussion started by: victorbrca
0 Replies
7. UNIX for Dummies Questions & Answers
Hi,
I was asked to create sudoers file for operation team so they can sudo as another user and run few commands.
I have updated /etc/sudoers file.
User_Alias LEVEL1 = JamesF, dennisW, juanC, steveS,
Cmnd_Alias SU_PROD=/bin/su prod, /bin/su - prod
Cmnd_Alias SU_NYOP=/bin/su... (2 Replies)
Discussion started by: samnyc
2 Replies
8. Emergency UNIX and Linux Support
Hi,
I need the details of which ids belong to the sudoers file, and which groups these ids belong to.
Can anyone suggest a way to derive that information into a flat file please?
G (4 Replies)
Discussion started by: ggayathri
4 Replies
9. UNIX for Dummies Questions & Answers
Hi
using Solaris 10. trying to update /etc/sudoers file
I need to add all the fist level operation team. This is what I have but it doesn't seem to work. Please help.Error message
sudo su -
>>> sudoers file: parse error, line 9 <<<
>>> sudoers file: parse error, line 9 <<<
... (2 Replies)
Discussion started by: samnyc
2 Replies
10. Solaris
In the sudoers file in Solaris...
I am trying to limit the DEVELOPER user privileges to where those users can only use the “rm” command in certain directories. This is to prevent them from deleting directories or files and destroying a server. I want them to be able to use the "rm" command but... (1 Reply)
Discussion started by: nzonefx
1 Replies
SAVELOG(8) System Manager's Manual SAVELOG(8)
NAME
savelog - save a log file
SYNOPSIS
savelog [-m mode] [-u user] [-g group] [-t] [-p] [-c cycle] [-l] [-j] [-J] [-1 .. -9] [-C] [-d] [-l] [-r rolldir] [-n] [-q] [-D dateformat]
file ...
DESCRIPTION
The savelog command saves and optionally compresses old copies of files. Older versions of file are named:
file.<number><compress_suffix>
where <number> is the version number, 0 being the newest. Version numbers > 0 are compressed unless -l prevents it. Version number 0 is
not compressed because a process might still have file opened for I/O. Only cycle versions of the file are kept.
If the file does not exist and -t was given, it will be created.
For files that do exist and have lengths greater than zero, the following actions are performed:
1) Version numbered files are cycled. Version file.2 is moved to version file.3, version file.1 is moved to version file.2, and so on.
Finally version file.0 is moved to version file.1, and version file is deleted. Both compressed names and uncompressed names are
cycled, regardless of -l. Missing version files are ignored.
2) The new file.1 is compressed unless the -l flag was given. It is changed subject to the -m, -u, and -g flags.
3) The main file is moved to file.0.
4) If the -m, -u, -g, -t, or -p flags are given, then an empty file is created subject to the given flags. With the -p flag, the file
is created with the same owner, group, and permissions as before.
5) The new file.0 is changed subject to the -m, -u, and -g flags.
OPTIONS
-m mode
chmod the log files to mode, implies -t
-u user
chown log files to user, implies -t
-g group
chgrp log files to group, implies -t
-c cycle
Save cycle versions of the logfile (default: 7). The cycle count must be at least 2.
-t touch new logfile into existence
-l don't compress any log files (default: do compress)
-p preserve owner, group, and permissions of logfile
-j compress with bzip2 instead of gzip
-J compress with xz instead of gzip
For xz no strength option is set, and xz decides on the default based on the total amount of physical RAM. Note that xz can use a
very large amount of memory for the higher compression levels.
-1 .. -9
compression strength or memory usage (default: 9, except for xz)
-C force cleanup of cycled logfiles
-d use standard date for rolling
-D dateformat
override date format, in the syntax understood by the date(1) command
-r use rolldir instead of . to roll files
-n do not rotate empty files
-q be quiet
BUGS
If a process is still writing to file.0, and savelog moves it to file.1 and compresses it, data could be lost.
SEE ALSO
logrotate(8)
Debian 30 Dec 2017 SAVELOG(8)