search

sile / sloggers

A Rust library which provides frequently used slog loggers and convenient functions
MIT License
37 stars 18 forks source link

Logfile compression bypasses restricted permissions #52

Closed macladson closed 2 years ago

macladson commented 2 years ago

I only noticed this after #51 was merged, but when building a file logger, if both restrict_permissions and compress are set, the logfile is initially created with umask of 600 but upon compression, the compressed files are set to 644.

I suspect this is because unlike the regular file rotation which simply renames the files in place (leaving any existing permissions intact), compression creates a new file (with a new set of permissions) which the contents of the log file are then written into.

sile commented 2 years ago

Oh, you're right. We need to address this problem.

I suspect this is because unlike the regular file rotation ...

Yes. When compression mode is enabled, sloggers compresses a log file at the time that the file gets rotated (that is, sloggers never compress log messages just when they're being written to a log file). So perhaps it's needed to call the restrict_file_permissions() function at that time too.