Question

Trying to use logrotate and I get the following error when I run the logrotate script for a particular definition in logrotate.d:

error: error creating state file /var/lib/logrotate/status: Permission denied

/var/lib/logrotate$ ls -lah
total 12K
drwxr-xr-x  2 root root 4.0K 2012-05-11 06:25 .
drwxr-xr-x 43 root root 4.0K 2012-05-18 08:07 ..
-rw-r--r--  1 root root  911 2012-05-25 06:25 status

I haven't touched that path, so I wonder why it would create an error by default...


Solution

Are you sure you run this command as root...? ;) If so, please check whether AppArmor is on the system; if yes, check its configuration or uninstall it (Ubuntu case).

OTHER TIPS

DO NOT chmod the default status file to 666. If you chmod it, every user on the system is able to use logrotate as an attack vector.

Just define a (private) state file for your user (assuming that you are trying to run it as a regular user) with the option [-s|--state file].
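
The private state file advice above as a runnable sketch, added here as an example and not part of the original answer. The function names and the default directory (XDG_STATE_HOME or ~/.local/state) are assumptions; only the -s option comes from the answer.

```shell
#!/bin/sh
# Added example: run logrotate as a regular user with a private state file.
# Function names and the default directory are assumptions, not logrotate defaults.

# Print the path of a per-user state file, creating its directory with mode 700.
# $1 (optional): base directory; defaults to XDG_STATE_HOME or ~/.local/state.
private_state_path() {
    base=${1:-${XDG_STATE_HOME:-$HOME/.local/state}}
    dir=$base/logrotate
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    printf '%s\n' "$dir/status"
}

# Return 0 if the state file is absent or is a regular file that only its
# owner can write; return 1 for symlinks, non-files, or group/world-writable
# modes (the "chmod 666" case the answer warns about).
state_file_is_safe() {
    f=$1
    if [ -L "$f" ]; then
        echo "unsafe: $f is a symlink" >&2; return 1
    fi
    [ -e "$f" ] || return 0        # absent: logrotate creates it on first run
    if [ ! -f "$f" ]; then
        echo "unsafe: $f is not a regular file" >&2; return 1
    fi
    # find prints the path only when a group- or other-write bit is set
    if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "unsafe: $f is writable by group or others" >&2; return 1
    fi
    return 0
}

# Rotate using the config in $1 and the private state file.
run_private_logrotate() {
    conf=$1
    state=$(private_state_path) || return 1
    state_file_is_safe "$state" || return 1
    logrotate -s "$state" "$conf"
}
```

Call run_private_logrotate with the path to your own logrotate config; the permission check refuses to run if the state file has been loosened or replaced by a symlink.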

There was this line in a crontab:

*  *  *  *  *   root    logrotate -s /var/run/logrotate.status /etc/logrotate.conf

Even though it was running as root, I couldn't get rid of the "error: error creating state file /var/run/logrotate/status: Permission denied" error.

So I just used a different directory:

*  *  *  *  *    root    /usr/sbin/logrotate -s /var/log/logrotate.status -v /etc/logrotate.conf >/tmp/logrotate.out 2>&1

Used the debugging idea from https://serverfault.com/questions/762587/daily-logrotate-error-creating-unique-temp-file-permission-denied but changed it so the output file doesn't grow indefinitely, which would be ironic.

The verbose mode didn't provide any additional information in this case, by the way, just which config file it was reading and the same error message. But it was better having the output in that file rather than in /var/mailspool.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow