Subject: Re: newsyslog and script execution instead of sending signal to process
To: NetBSD-current Users's Discussion List <firstname.lastname@example.org>
From: Brett Lymn <email@example.com>
Date: 07/16/2007 16:55:34
On Mon, Jul 16, 2007 at 02:49:29AM -0400, Greg A. Woods wrote:
> It's extremely inelegant to have newsyslog invoking other programs,
> never mind opening a whole new can of worms on the security front.
There is already this wheel in Solaris called logadm - it allows
pre/post log roll scripts. Having yet another cron job that is just
there to watch a directory and move the logs is rather inelegant in
itself - nevermind the race condition if the log is still in the
process of being rolled when it is moved/compressed. You don't have
to run the scripts as root - you can always su to the correct user
before running the roll script (if that is really necessary).