From 893ab396daffebfe5bb97e9fcf0adbd7fda1b828 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Fri, 18 Jan 2019 16:10:56 +0100 Subject: [PATCH] logrotate.8: encourage admins to use the `su` directive ... to rotate files in directories that are directly or indirectly in control of non-privileged users. Originally reported in the following pull request: https://github.com/logrotate/logrotate/pull/235 Closes #236 Upstream-commit: 3e170c0609a18e0bb5fd7f647cb877221d576456 Signed-off-by: Kamil Dudka --- logrotate.8.in | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/logrotate.8.in b/logrotate.8.in index 56c4a32..ee26821 100644 --- a/logrotate.8.in +++ b/logrotate.8.in @@ -575,7 +575,9 @@ user/group (usually root). \fIuser\fR specifies the user name used for rotation and \fIgroup\fR specifies the group used for rotation. If the user/group you specify here does not have sufficient privilege to make files with the ownership you've specified in a \fIcreate\fR instruction, -it will cause an error. +it will cause an error. If logrotate runs with root privileges, it is +recommended to use the \fBsu\fR directive to rotate files in directories +that are directly or indirectly in control of non-privileged users. .TP \fBtabooext\fR [+] \fIlist\fR -- 2.21.3