
Entware, Logrotate w/o User "root"?


sk3l

Greetings Forum,

I am a happy user of the Asuswrt-Merlin firmware, & I have recently sought to expand on some of the cool capabilities that it offers us. One thing I did was format a big USB stick, put it in the router and use some custom init scripting to output the syslog file to the USB stick. Many thanks to the participants in this thread for helping show the way for me.

So now, I can point the system log to the USB drive & make it persist across boots. The next step for me is to prune the log based on logrotate rules. This is where I'm having an issue. I have the logrotate conf set up as discussed in the thread from above. However, when I try to test the conf using logrotate -dv, I get an odd error:

Code:
logrotate -dv /opt/etc/logrotate.conf

Ignoring /opt/etc/logrotate.conf because there's no password entry for the owner.

Handling 0 logs

It would seem the version of logrotate included from the entware suite is expecting the canonical "root" user to be defined in /etc/passwd. We have a root user, but it is not named "root", and I think older revs of logrotate might be hardcoded to need that user name.

If I add shadow-useradd from entware and sneak in a root user, then logrotate will do its debug run successfully, and I can use the "su" rule within the logrotate.conf file to execute under the user I wish. The problem with this kludge is that it will not persist across router reboots. The passwd file must be restored from nvram or something, clobbering any customizations I might try. I also attempted to be a little clever and invoke useradd from some of the jffs custom scripts, post-mount, init-start, etc. but it seems like those events must take place before the stock passwd file is restored.

Has anyone encountered this hurdle with setting up logrotate for their system log? If so, how did you surpass it, if at all? Are there newer logrotate sources available, or did you find a way to keep the "root" user alive across reboot, or something else?

TIA,
-Mike
 
What is the benefit of doing that?
 
If I add shadow-useradd from entware and sneak in a root user [...] will not persist across router reboots.

No need for entware to set up a user. Since you're running Merlin's firmware, just create a file /jffs/passwd.add, put in your root user there, and reboot. If you need a password, you'll also have to add a line with the hash in /jffs/shadow.add. Syntax for both files is the same as for /etc/passwd and /etc/shadow, respectively.

Edit: BTW, for me the standard syslogd -h shows options for log rotation:
Code:
-s SIZE		Max size (KB) before rotation (default:200KB, 0=off)
-b N		N rotated logs to keep (default:1, max=99, 0=purge
However, last time I tried that it didn't work. (On Merlin's build 374.30_2.) Maybe it works for you?
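
A way to preview, before rebooting, whether a passwd.add line would clear the owner check that logrotate reported above. This is an added example, not part of any post in this thread or of the firmware; it assumes passwd.add is appended to the generated passwd file, and the function names and the check.sh file name are made up here. It tests both readings of the error: that the uid owning the config has no passwd line, and that no login is literally named "root".

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the firmware appends
# /jffs/passwd.add to the passwd file it generates at boot.

# has_field FILE N VALUE -> 0 if some passwd line has VALUE in field N
has_field() {
    awk -F: -v n="$2" -v v="$3" '$n == v { f = 1 } END { exit !f }' "$1"
}

# valid_passwd_lines FILE -> 0 if every non-empty line has 7 fields,
# a login name, and a numeric uid and gid
valid_passwd_lines() {
    awk -F: 'NF == 0 { next }
             NF != 7 || $1 == "" || $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ { bad = 1 }
             END { exit bad + 0 }' "$1"
}

# check_owner CONF PASSWD -> prints one word, returns 0 only for "ok"
#   no-owner  uid owning CONF has no passwd line (the error text in the thread)
#   no-root   uid resolves, but no login is literally named "root"
check_owner() {
    [ -e "$1" ] || { echo missing; return 2; }
    uid=$(ls -ldn "$1" | awk '{ print $3 }')
    has_field "$2" 3 "$uid" || { echo no-owner; return 1; }
    has_field "$2" 1 root || { echo no-root; return 1; }
    echo ok
}

# preview_add CONF BASE_PASSWD PASSWD_ADD -> check_owner against BASE_PASSWD
# with PASSWD_ADD appended; prints "bad-add" if PASSWD_ADD is malformed
preview_add() {
    valid_passwd_lines "$3" || { echo bad-add; return 3; }
    merged=$(mktemp) || return 2
    cat "$2" "$3" > "$merged"
    check_owner "$1" "$merged" && rc=0 || rc=$?
    rm -f "$merged"
    return "$rc"
}

# Command-line use: sh check.sh /opt/etc/logrotate.conf /etc/passwd /jffs/passwd.add
if [ "$#" -eq 3 ]; then preview_add "$@"; fi
```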
 
@L&LD: Personally, I don't want my syslog growing unbounded. I don't want it taking up a large amount of space on my USB drive, I'd like to keep the logs brief for ease in reading them, I'd like the logs broken out per day/week/whatever for ease of search (and possibly automated use), I'd like to be able to purge historical data at some interval, and on and on.

@ckane: thanks, that is very helpful indeed. I hadn't noticed the option to rotate natively from within syslogd; I'll try it out. However, logrotate has more sophisticated options for log manipulation, e.g. rotation based on time period, compression, post-rotation script, etc.
 
@ckane, is there some place to get documentation about integration features like the passwd.add file for /jffs? I know about /jffs/configs & /jffs/scripts, but I hadn't seen anything about customizing user accounts like that. If there is any wiki information (didn't see this covered over at github) or similar manual type material, that'd be awesome.
 
Of course you are correct ckane, I re-read the wiki and saw this line:

Code:
group, gshadow, passwd, shadow (only .add versions supported)

That's mea culpa for not reading close enough.

One other thing I'd like to add about this log rotation exercise.

If you follow the link I posted above to another thread relating to configuring logrotate, there is a small error in the manner in which the cron job is described for kicking off logrotate at some specific time.

In that post, the format for a system-wide cron job is described, in which the field at position 6 is the user account for which the task will run:

Code:
0 0 * * * admin /opt/sbin/logrotate -f /opt/etc/logrotate.conf &>/dev/null

This was giving me issues, because AFAICT, there is no system-wide crontab in this environment, and the instructions in that thread are actually pertinent to inserting a cron entry for a specific user (i.e. admin). As such, any cron jobs in the user crontab will automatically run under the user's account, so it is not permissible to enter the user account in field 6, only the command to execute. Thus, the cronjobs file should be:

Code:
0 0 * * * /opt/sbin/logrotate -f /opt/etc/logrotate.conf &>/dev/null

This tripped me up, and I figured I'd mention it in case anyone else goes in this direction.

Thanks again for your help ckane.
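
The crontab mix-up described in the post above can be caught mechanically. The following is an added example, not code from the thread: a lint that flags user-crontab lines whose first word after the time fields is a login name from a passwd file. The function name is made up here, and the check is a heuristic, since a command could share a name with an account.

```shell
#!/bin/sh
# Added example (not from the thread): flag user-crontab lines that carry an
# account name where the command should start, as a system-wide line would.

# lint_user_crontab CRONTAB PASSWD
# Prints one message per suspicious line; returns 1 if any line was flagged.
lint_user_crontab() {
    awk -v passwd="$2" '
        BEGIN {
            # collect login names (field 1) from the passwd file
            while ((getline line < passwd) > 0) {
                split(line, f, ":")
                if (f[1] != "") login[f[1]] = 1
            }
            close(passwd)
        }
        /^[ \t]*#/ || NF == 0                  { next }   # comments, blank lines
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }   # VAR=value settings
        {
            # five time fields (or one @keyword) come before the command
            cmd = ($1 ~ /^@/) ? 2 : 6
            if (NF >= cmd && ($cmd in login)) {
                printf "%d: field %d \"%s\" is a login name, not a command\n", NR, cmd, $cmd
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Command-line use: sh lint.sh CRONTAB_FILE /etc/passwd
if [ "$#" -eq 2 ]; then lint_user_crontab "$@"; fi
```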
 
