Hi, We have a log monitoring system that we are attempting to give access to be able to read our dirsrv access, error, and audit logs to. We have set the default ACL on /var/log/dirsrv/slapd-inst/ to be: # file: . # owner: nobody # group: nobody user::rwx user:splunk:r-x group::rwx #effective:r-x mask::r-x other::--- default:user::rwx default:user:splunk:r-x default:group::rwx #effective:r-x default:mask::r-x default:other::--- When you touch a test file it correctly inherits the ACL: # file: test # owner: nobody # group: nobody user::rw- user:splunk:r-x group::rwx #effective:r-x mask::r-x other::--- However, once 389 rotates the logs the permissions are incorrectly set to: # file: access # owner: nobody # group: nobody user::rw- user:splunk:r-x #effective:--- group::rwx #effective:--- mask::--- other::--- IE the effective rights mask is stripped. I believe that there is something that is happening in the 389 log rotation process that causes this to be stripped, I just can't identify what. Any advice would be appreciated. Sincerely, -- William <william@xxxxxxxxxxxxxxx> -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
