Re: A better method than daisy-chaining logging files?

From: Laurent Bercot <ska-supervision_at_skarnet.org>
Date: Tue, 18 Jun 2019 06:35:48 +0000

>FYI: The fifo queue permissions, which the jail sees
>pr---w---- 1 mylogger www 0B May 31 13:27 apache24-error|

Ah, so the www group is the one that writes to the fifo. Got it.

Then you don't need mylogger to belong to the www group (and
it's probably better for privilege separation that it doesn't),
but you apparently need the logdir to belong to the primary group
of the mylogger user. There is no reason for the logdir to belong
to the www group.

The error you got still strikes me as weird, and shouldn't happen
unless you have strange permissions for the logdir itself, or
FreeBSD is doing something wonky with gid checking. For my peace
of mind, I'd still like to see the permissions on your logdir,
and a ktrace of the error.

--
Laurent
Received on Tue Jun 18 2019 - 06:35:48 UTC

This archive was generated by hypermail 2.3.0 : Sun May 09 2021 - 19:44:19 UTC