Closed bschwand closed 3 months ago
owner and 0600 permissions
This is default behavior of daemon utility.
It would make more sense to create it storagenode:storagenode and 0644
I agree.
I think before starting the service, a 'touch' on the log files is needed to create them with proper permission/owner also the newsyslog.conf file would need to add the right permissions.
👍 3c2db43242272b6094d342c7c5c20ed421336981
I tested manually to change the owner and mode of the log files and it seems the daemon persists in creating the log file owned by root:wheel and 0600
actually, newsyslog also needs to set the owner and permissions so something like this in /etc/newsyslog.conf.d/storj.conf
/var/log/storagenode.log storagenode:storagenode 644 20 * @T00 J /var/run/storagenode.pid
but I am not sure newsyslog creates an empty log file after it rotates logs, does it ? PS: ah yes, according to the man page.
seems the daemon persists in creating the log file owned by root:wheel and 0600
yes, it does, according to the manual:
-o output_file Append output from the daemonized process to output_file. If the file does not exist, it is created with permissions 0600.
but I am not sure newsyslog creates an empty log file after it rotates logs, does it ?
oh it looks like I need to specify -C flag for this to work.
actually newsyslog already runs with -C, it's specified in /etc/default/rc.conf you mean add the C flag to the /etc/newsyslog.conf.d/storj.conf
Oh indeed it is. I guess then I just need to add nesyslog as a dependency for storagenode rc.d script, so it runs first and creates the files during the first execution, and undo setting the mode in the storagenode's rc script.
yes, but I am not sure running newsyslog would do it, it's not a given it would execute that log line (it depends on the time...) my understanding is that :
and so no dependency is needed
You are right, thank you for suggestion. I tested this approach and it seems to work as expected.
310a10e8c295d102c1cb85e42883cd7699a13622
# ls -alt /var/log/storagenode* | head -2
-rw-r--r-- 1 storagenode storagenode 95122 Jun 20 17:39 /var/log/storagenode.log
-rw-r--r-- 1 storagenode storagenode 3443 Jun 20 12:00 /var/log/storagenode.log.0.bz2
the storj log files are created with root:wheel owner and 0600 permissions. It would make more sense to create it storagenode:storagenode and 0644 For example, if running some data collector like zabbix, the log file should be readable not just by root but also the zabbix agent (and really as logs go, anyone...)
Right now, since storj is run under daemon, it's daemon that creates the initial log file in 0600 and root:wheel.
I think before starting the service, a 'touch' on the log files is needed to create them with proper permission/owner also the newsyslog.conf file would need to add the right permissions.