Closed erikanderson closed 3 years ago
The error is this: Errno::EACCES: Permission denied
The first logstash code line in the stack trace is this: .../gems/logstash-output-file-4.0.1/lib/logstash/outputs/file.rb:280:in `open'"
fd = File.new(path, "a+")
So, we are opening the file in "append" mode, at least, as far as the Ruby code we are calling. Honestly, I have no knowledge of what chattr +a
causes on a file in terms of what syscalls will fail, so I'll need your help debugging this. strace
output and other testing would help.
Looks like JRuby 's append opens the file like this:
open("/home/jls/a", O_RDWR|O_CREAT, 0666) = -1 EPERM (Operation not permitted)
And MRI does this:
open("a", O_RDWR|O_CREAT|O_APPEND|O_CLOEXEC, 0666) = 7
The lack of O_APPEND seems to be the problem, and this isn't something (I don't think?) Logstash can fix. This could be somewhere upstream in JRuby or Java.
I am guessing this is an unfortunate integration problem between Linux's
specific chattr +a
behavior and JRuby's implementation of
opening-files-for-append (at least in JRuby 1.7.26, it seems). I haven't
dug any deeper.
On Mon, Mar 13, 2017 at 4:38 PM, Jordan Sissel notifications@github.com wrote:
Looks like JRuby 's append opens the file like this:
open("/home/jls/a", O_RDWR|O_CREAT, 0666) = -1 EPERM (Operation not permitted)
And MRI does this:
open("a", O_RDWR|O_CREAT|O_APPEND|O_CLOEXEC, 0666) = 7
The lack of O_APPEND seems to be the problem, and this isn't something (I don't think?) Logstash can fix. This could be somewhere upstream in JRuby or Java.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/logstash-plugins/logstash-output-file/issues/51#issuecomment-286277246, or mute the thread https://github.com/notifications/unsubscribe-auth/AAIC6rih4waQW7m65pPtxwfqvMHs6ETUks5rldNhgaJpZM4MbyKG .
Java does the right thing with FileOutputStream if true
is given for the append argument, new FileOutputStream("some path", true)
and this mode in Java works against chattr +a
files in my testing.
Thanks for the research you've done so far.
It looks like jruby should be understanding the 'a' and the '+' flags correctly so I'm not sure where the disconnect is, going to look into it
I tried fd = File.new(path, "a+")
with jruby 9.1.7.0 and didn't get the Errno::EACCES: Permission denied
error
jruby-9.1.7.0 :001 > fd = File.new('test', 'a+')
=> #<File:test>
jruby-9.1.7.0 :002 > fd.write('asd')
=> 3
Same test fails with jruby 1.7.22
jruby-1.7.22 :001 > fd = File.new('test', 'a+')
Errno::EACCES: Permission denied - /home/erik.anderson/test
from org/jruby/RubyFile.java:364:in `initialize'
from org/jruby/RubyIO.java:853:in `new'
from (irb):1:in `evaluate'
from org/jruby/RubyKernel.java:1079:in `eval'
from org/jruby/RubyKernel.java:1479:in `loop'
from org/jruby/RubyKernel.java:1242:in `catch'
from org/jruby/RubyKernel.java:1242:in `catch'
from /usr/local/rvm/rubies/jruby-1.7.22/bin/irb:13:in `(root)'
We are testing the ability for logstash to write to an append only file for security purposes. (Ubuntu 14.04/Logstash 5.2.2)
We let logstash create and open the file, then set the target file to append only, using
chattr +a {file}
.Logstash is able to continue writing to the file but once it closes and then attempts to open the file again logstash produces this error and crashes: https://gist.github.com/erikanderson/fd243942d7119bb116baec2318ff6b6e
I realize this is probably an issue within ruby/jruby and I am going to research if there is a way to accomodate this.