Re: A better method than daisy-chaining logging files?

From: Laurent Bercot <ska-supervision_at_skarnet.org>
Date: Mon, 17 Jun 2019 17:58:39 +0000

># s6-svc -a /run/scan/apache24-error-log
>
>The result is a directory containing
>-rw-r--r-- 1 mylogger www 0B Jun 17 15:34 state
>-rw-r--r-- 1 mylogger www 0B Jun 17 15:34 lock
>-rwxr--r-- 1 mylogger www 329B Jun 17 15:34 previous
>-rw-r--r-- 1 mylogger www 0B Jun 17 15:34 current
>
>and an error message
>s6-log: warning: unable to finish previous .s to logdir
>/var/log/httpd/error: Operation not permitted
>
>I've su'ed into the /var/log/httpd/error as "logger" and I'm able to
>create and compress files within the directory; so there are no
>permission issues. And both execlineb and s6-log are installed with 766
>privs.

You mean "mylogger", I assume? Does the mylogger user belong
to the www group?
What are the permissions on the /var/log/httpd/error directory
itself?
Can you send a strace, or a kdump/ktrace, of the s6-log process
when the error occurs? One of the system calls performed during a
rotation is failing with EPERM and knowing which one will help us
pinpoint exactly what's going wrong.


>Does s6-log require root:wheel privs to perform functions within the log
>directory?

No, if the logdir belongs to the user s6-log is running as, and has
at least S_IRWXU permissions, then s6-log is good to go. Something else
is going on here, and knowing what syscall is failing will tell us
where to look.

--
Laurent
Received on Mon Jun 17 2019 - 17:58:39 UTC

This archive was generated by hypermail 2.3.0 : Sun May 09 2021 - 19:44:19 UTC