quattor / ncm-ncd

Node Configuration Dispatcher Framework for Components
www.quattor.org

logdir should have same permissions as cache_root #91

Closed stdweird closed 7 years ago

stdweird commented 7 years ago

To prevent info leakage from file diffs due to verbose_logfile

stdweird commented 7 years ago

See https://github.com/quattor/CAF/issues/100

stdweird commented 7 years ago

This is actually harder than expected. The cache_root permissions are derived from the CCM configfile, but there is no relation between ncm-ncd and that configfile. (ccm-fetch/ccm-initialise also have no knowledge of the ncm-ncd.conf file, so no clue where the logdir is.) I could copy the permission and ownership bits from the cache root and apply them to the ncm-ncd logdir, but that sounds ugly.

@ned21 thoughts?

ned21 commented 7 years ago

I think it's best to make a configuration setting in ncm-ncd.conf, logperms, or similar (logfilemode?) and then default to owner only. Template validation can then be used to check that ncm-ncd log file modes are compatible with ccm config.

Did we agree verbose logging would be on or off by default? What is the current log perms for ncm-ncd?

stdweird commented 7 years ago

@ned21 ccm.conf has a group_readable setting with group name and a world_readable boolean. Not sure how we can check that against a single ncm-ncd.conf entry. And do you want the permission set on the logfile or on the logdir?

Current permissions are 644.

Verbose logging will be on if https://github.com/quattor/ncm-ncd/pull/88 gets merged; that's why I consider this a blocker. (Verbose logging is really nice, we've rolled it out on some of our test boxes already.)

ned21 commented 7 years ago

I would set it on the logfiles since that's then an easy switch to make via a config option?

Handling world-readable is straightforward (check world_readable boolean) but I can see how group_readable gets trickier. We only need world_readable so could live with that for now -- do you need group_readable? Can you clone the config from ccm and then use a template to check that the ncm and ccm configs are the same? i.e. if one has world-readable then the other too, and if one has group_readable the value for both must be the same?

stdweird commented 7 years ago

Setting it on the logfiles is actually harder, since CAF::Log/Reporter do not support permissions/ownership.

I would use the same config parameters as ccm group_readable (or log_group_readable) and world_readable; and also the same code to get the permissions.

I'm not sure the schema can set defaults like that. But an admin can of course (and if the default on the logdir is perm 700 owner root, I don't see much harm).
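The thread discusses two ways to keep the ncm-ncd log directory from exposing what the cache root protects: copying the mode and ownership bits from cache_root onto the logdir, or deriving the logdir mode from the same group_readable/world_readable knobs ccm.conf uses and validating that the two configs agree. The script below is an added example written for this issue, not code from ncm-ncd, CAF or CCM (which are Perl). It assumes a mapping of group_readable (a group name or None) and world_readable (a boolean) onto directory mode bits, defaulting to 0700 as suggested above, and the directory layout it builds under a temporary directory is constructed for the demonstration.

```python
import os
import stat
import tempfile

# Assumed mapping of the ccm.conf-style knobs onto mode bits (not ncm-ncd's own
# code): owner-only by default, group r-x when a group is named, world r-x when
# world_readable is true.
def mode_from_ccm_settings(group_readable=None, world_readable=False):
    """Derive a directory mode from group_readable / world_readable."""
    mode = stat.S_IRWXU                      # 0o700: owner only
    if group_readable:
        mode |= stat.S_IRGRP | stat.S_IXGRP  # adds 0o050
    if world_readable:
        mode |= stat.S_IROTH | stat.S_IXOTH  # adds 0o005
    return mode

def configs_compatible(ccm, ncm):
    """The template-validation idea from the thread: both config dicts must
    agree on world_readable and carry the same group_readable value."""
    return (bool(ccm.get("world_readable")) == bool(ncm.get("world_readable"))
            and ccm.get("group_readable") == ncm.get("group_readable"))

def other_bits_leak(reference_mode, candidate_mode):
    """Group/other bits set on candidate but not on reference. A non-zero result
    means the candidate directory is readable by principals the reference
    (cache_root) excludes, i.e. file diffs in the log could leak."""
    mask = stat.S_IRWXG | stat.S_IRWXO
    return (candidate_mode & mask) & ~(reference_mode & mask)

def check_logdir_against_cache_root(cache_root, logdir):
    """Compare on-disk permissions; returns (ok, leaked_bits)."""
    ref = stat.S_IMODE(os.stat(cache_root).st_mode)
    cand = stat.S_IMODE(os.stat(logdir).st_mode)
    leaked = other_bits_leak(ref, cand)
    return leaked == 0, leaked

def align_logdir(cache_root, logdir):
    """The 'copy the bits' option: apply cache_root's mode (and, when running as
    root, its ownership) to logdir. Returns the resulting logdir mode."""
    st = os.stat(cache_root)
    os.chmod(logdir, stat.S_IMODE(st.st_mode))
    if os.geteuid() == 0:
        os.chown(logdir, st.st_uid, st.st_gid)
    return stat.S_IMODE(os.stat(logdir).st_mode)

def demo():
    """Constructed scenario: cache root locked to 0o700 via the default knobs,
    logdir created world-traversable (0o755), then checked and aligned."""
    with tempfile.TemporaryDirectory() as tmp:
        cache_root = os.path.join(tmp, "cache")   # constructed path
        logdir = os.path.join(tmp, "ncm-ncd-log") # constructed path
        os.mkdir(cache_root)
        os.mkdir(logdir)
        os.chmod(cache_root, mode_from_ccm_settings())
        os.chmod(logdir, 0o755)
        before_ok, leaked = check_logdir_against_cache_root(cache_root, logdir)
        new_mode = align_logdir(cache_root, logdir)
        after_ok, _ = check_logdir_against_cache_root(cache_root, logdir)
        return before_ok, leaked, new_mode, after_ok

if __name__ == "__main__":
    before_ok, leaked, new_mode, after_ok = demo()
    print("before: ok=%s leaked=%s" % (before_ok, oct(leaked)))
    print("after : mode=%s ok=%s" % (oct(new_mode), after_ok))
```

The leak check deliberately compares only the group and other bits, since owner access is the same on both directories; it also ignores the group name itself, which is why the config-level comparison in configs_compatible is still needed when group_readable is in play.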