logrotate 權限被拒絕

為什麼我在執行時重命名日誌文件時被拒絕 logrotate？下面顯示的我的日誌文件的所有者rajohns是登錄執行logrotate下面顯示的命令的同一使用者。

$ cat /etc/logrotate.d/judgecard-api-0.0.1

/var/log/judgecard-api-0.0.1.log {
   su rajohns rajohns
   weekly
   rotate 4
   create 0777 rajohns rajohns
   missingok
   notifempty
   postrotate
       systemctl restart judgecard-api-0.0.1.service > /dev/null
   endscript
}

$ ls -l /var/log/judgecard-api-0.0.1.log

-rwxrwxrwx 1 rajohns rajohns 10578 Feb 12 23:01 /var/log/judgecard-api-0.0.1.log

$ sudo logrotate -vf -s ~/logrotate_test_status_file Judgecard-api-0.0.1

reading config file judgecard-api-0.0.1

Handling 1 logs

rotating pattern: /var/log/judgecard-api-0.0.1.log  forced from command line (4 rotations)
empty log files are not rotated, old logs are removed
switching euid to 1000 and egid to 1000
considering log /var/log/judgecard-api-0.0.1.log
 log needs rotating
rotating log /var/log/judgecard-api-0.0.1.log, log->rotateCount is 4
dateext suffix '-20180212'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
renaming /var/log/judgecard-api-0.0.1.log.4 to /var/log/judgecard-api-0.0.1.log.5 (rotatecount 4, logstart 1, i 4), 
old log /var/log/judgecard-api-0.0.1.log.4 does not exist
renaming /var/log/judgecard-api-0.0.1.log.3 to /var/log/judgecard-api-0.0.1.log.4 (rotatecount 4, logstart 1, i 3), 
old log /var/log/judgecard-api-0.0.1.log.3 does not exist
renaming /var/log/judgecard-api-0.0.1.log.2 to /var/log/judgecard-api-0.0.1.log.3 (rotatecount 4, logstart 1, i 2), 
old log /var/log/judgecard-api-0.0.1.log.2 does not exist
renaming /var/log/judgecard-api-0.0.1.log.1 to /var/log/judgecard-api-0.0.1.log.2 (rotatecount 4, logstart 1, i 1), 
old log /var/log/judgecard-api-0.0.1.log.1 does not exist
renaming /var/log/judgecard-api-0.0.1.log.0 to /var/log/judgecard-api-0.0.1.log.1 (rotatecount 4, logstart 1, i 0), 
old log /var/log/judgecard-api-0.0.1.log.0 does not exist
log /var/log/judgecard-api-0.0.1.log.5 doesn't exist -- won't try to dispose of it
renaming /var/log/judgecard-api-0.0.1.log to /var/log/judgecard-api-0.0.1.log.1
error: failed to rename /var/log/judgecard-api-0.0.1.log to /var/log/judgecard-api-0.0.1.log.1: Permission denied
switching euid to 0 and egid to 0

顯然 /var/log 旋轉失敗，因為該目錄通常屬於 root:adm。

你可以看看 Apache 和其他人，看看他們是如何做到的。

通常的做法是在 /var/log 下創建一個子目錄，並讓另一個使用者成為它的所有者：

sudo mkdir /var/log/judgecards
chown rajohns /var/log/judgecards

然後移動舊日誌並在此處創建應用程序的新日誌。

引用自：https://unix.stackexchange.com/questions/423739