arrogantrabbit / freebsd_storj_installer

Installer script for Storj on FreeBSD

log files owner:group #5

Closed bschwand closed 3 months ago

bschwand commented 3 months ago

The storj log files are created with root:wheel owner and 0600 permissions. It would make more sense to create them storagenode:storagenode and 0644. For example, if running some data collector like zabbix, the log file should be readable not just by root but also by the zabbix agent (and really, as logs go, anyone...)

Right now, since storj is run under daemon, it's daemon that creates the initial log file in 0600 and root:wheel.

I think before starting the service, a 'touch' on the log files is needed to create them with the proper permission/owner. Also, the newsyslog.conf file would need to add the right permissions.

arrogantrabbit commented 3 months ago

> owner and 0600 permissions

This is default behavior of daemon utility.

> It would make more sense to create it storagenode:storagenode and 0644

I agree.

> I think before starting the service, a 'touch' on the log files is needed to create them with proper permission/owner also the newsyslog.conf file would need to add the right permissions.

👍 3c2db43242272b6094d342c7c5c20ed421336981

bschwand commented 3 months ago

I tested manually to change the owner and mode of the log files and it seems the daemon persists in creating the log file owned by root:wheel and 0600

actually, newsyslog also needs to set the owner and permissions so something like this in /etc/newsyslog.conf.d/storj.conf

/var/log/storagenode.log storagenode:storagenode 644 20 * @T00 J /var/run/storagenode.pid

but I am not sure newsyslog creates an empty log file after it rotates logs, does it? PS: ah yes, according to the man page.

arrogantrabbit commented 3 months ago

> seems the daemon persists in creating the log file owned by root:wheel and 0600

yes, it does, according to the manual:

-o output_file
            Append output from the daemonized process to output_file.  If the
            file does not exist, it is created with permissions 0600. 

> but I am not sure newsyslog creates an empty log file after it rotates logs, does it ?

oh it looks like I need to specify -C flag for this to work.

bschwand commented 3 months ago

Actually newsyslog already runs with -C, it's specified in /etc/default/rc.conf. You mean add the C flag to the /etc/newsyslog.conf.d/storj.conf

arrogantrabbit commented 3 months ago

Oh indeed it is. I guess then I just need to add newsyslog as a dependency for the storagenode rc.d script, so it runs first and creates the files during the first execution, and undo setting the mode in the storagenode's rc script.

bschwand commented 3 months ago

Yes, but I am not sure running newsyslog would do it; it's not a given it would execute that log line (it depends on the time...). My understanding is that:

and so no dependency is needed

arrogantrabbit commented 3 months ago

You are right, thank you for the suggestion. I tested this approach and it seems to work as expected.

310a10e8c295d102c1cb85e42883cd7699a13622

# ls -alt /var/log/storagenode*  | head -2
-rw-r--r--  1 storagenode  storagenode      95122 Jun 20 17:39 /var/log/storagenode.log
-rw-r--r--  1 storagenode  storagenode       3443 Jun 20 12:00 /var/log/storagenode.log.0.bz2
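
An added example, not part of the thread or the installer: a POSIX sh check of a newsyslog.conf entry against the owner, mode and C flag discussed above. The function name `audit_entry` and the two variant entries are constructed for illustration; the field layout is the one documented in newsyslog.conf(5).

```shell
#!/bin/sh
# Added example: audit one newsyslog.conf(5) entry. Field layout:
#   logfile [owner:group] mode count size when [flags] [/pid_file] [sig_num]

audit_entry() {   # usage: audit_entry "ENTRY" WANT_OWNER WANT_MODE
    want_owner=$2; want_mode=$3; out=""
    # Word-split the entry; -f keeps the "*" size field from globbing.
    set -f; set -- $1; set +f
    shift                                   # drop the log file name
    # owner:group is optional and is recognised by its ':'.
    case ${1:-} in
        *:*) owner=$1; shift ;;
        *)   owner="" ;;
    esac
    mode=${1:-}
    flags=${5:-}
    # flags are optional too: a leading '/' means this is the pid file,
    # and '-' is only a placeholder.
    case $flags in /*|-) flags="" ;; esac

    [ "$owner" = "$want_owner" ] || out="$out owner=${owner:-unset}"
    case $mode in
        ""|*[!0-7]*) out="$out mode=invalid" ;;
        *) # compare as octal so 644 and 0644 are treated the same
           [ "$((0$mode))" -eq "$((0$want_mode))" ] || out="$out mode=$mode" ;;
    esac
    # Without C, "newsyslog -C" (given once) does not create a missing log.
    case $flags in
        *C*) ;;
        *)   out="$out no-C-flag" ;;
    esac
    # Findings are space-separated; "ok" when there are none.
    echo "${out:- ok}" | cut -c2-
}

# Entry as posted in the thread, then two constructed variants.
POSTED='/var/log/storagenode.log storagenode:storagenode 644 20 * @T00 J /var/run/storagenode.pid'
WITH_C='/var/log/storagenode.log storagenode:storagenode 644 20 * @T00 JC /var/run/storagenode.pid'
NO_OWNER='/var/log/storagenode.log 600 20 * @T00 JC /var/run/storagenode.pid'

for e in "$POSTED" "$WITH_C" "$NO_OWNER"; do
    audit_entry "$e" storagenode:storagenode 644
done
```

The first line of output flags the posted entry for the missing C flag, which is the point raised in the thread; the third shows how the field positions shift when owner:group is omitted.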