Run logrotate as user 10000 to avoid issue #6895 (#6962)

This commit fixes issue #6895 by running logrotate with user 10000 Signed-off-by: Wenkai Yin <yinw@vmware.com>
2024-09-20 15:25:43 +00:00 · 2019-02-20 16:05:07 +08:00 · 2019-02-20 16:05:07 +08:00 · c5bbf45414
commit c5bbf45414
parent 46882f220d
2 changed files with 12 additions and 3 deletions
--- a/make/photon/log/Dockerfile
+++ b/make/photon/log/Dockerfile
@ -10,12 +10,15 @@ COPY ./make/photon/log/rsyslog.conf /etc/rsyslog.conf
 # rsyslog configuration file for docker
 COPY ./make/photon/log/rsyslog_docker.conf /etc/rsyslog.d/

-# run logrotate hourly
-RUN mv /etc/cron.daily/logrotate /etc/cron.hourly/logrotate
+# remove the original "logrotate" in directory "/etc/cron.daily/"
+# and copy the customized one to directory "/etc/cron.hourly/" 
+# to run logrotate hourly
+RUN rm /etc/cron.daily/logrotate
+COPY ./make/photon/log/logrotate /etc/cron.hourly/

 COPY ./make/photon/log/start.sh /usr/local/bin/
 RUN chmod +x /usr/local/bin/start.sh /etc/rsyslog.d/ && \
-    chown -R 10000:10000 /etc/rsyslog.conf /etc/rsyslog.d/ /run 
+    chown -R 10000:10000 /etc/rsyslog.conf /etc/rsyslog.d/ /run /var/lib/logrotate/

 HEALTHCHECK CMD netstat -ltu|grep 10514

--- a/make/photon/log/logrotate
+++ b/make/photon/log/logrotate
@ -0,0 +1,6 @@
+#!/bin/sh
+
+# run the logrotate with user 10000, the state file "/var/lib/logrotate/logrotate.status"
+# is specified to avoid the permission error
+sudo -u \#10000 -E /usr/sbin/logrotate -s /var/lib/logrotate/logrotate.status /etc/logrotate.conf
+exit 0