Re: A better method than daisy-chaining logging files?
 
Sure.  I don't think the permissions are particularly weird? ;)
Remember we're effectively talking about two VM's one running apache and
the other being a log recipient, so priv's aren't a big deal in this
latter's context.  On the logger, the files, as requested are:
# ls -lrth /var/log/httpd | grep error ; ls -lrth  /var/log/httpd/error
drwx------  2 mylogger  www   512B Jun 18 15:06 error/
total 44
-rw-r--r--  1 mylogger  www     0B Jun 18 15:06 state
-rw-r--r--  1 mylogger  www     0B Jun 18 15:06 lock
-rw-r--r--  1 mylogger  www    41K Jun 18 16:04 current
When I send
s6-svc -a /run/scan/apache24-error-log
the processor does its job correctly.
And while the systems are all running, and simply remove mylogger from
the www group, then sending an alarm to the service works correctly.
-rw-r--r--  1 mylogger  www     0B Jun 18 15:06 lock
-rwxr--r--  1 mylogger  www   2.7K Jun 18 16:59 _at_400000005d088c11012cc9f4.s*
-rw-r--r--  1 mylogger  www     0B Jun 18 17:03 state
-rw-r--r--  1 mylogger  www     0B Jun 18 17:03 current
-rwxr--r--  1 mylogger  www    64B Jun 18 17:03 _at_400000005d088cd6113d5a5c.s*
However when I remove mylogger from the www group and restart (into a
relatively pristine test environment), it all works well but we return
to the original problem:
# s6-svc -a /run/scan/apache24-error-log
                             # lh /var/log/httpd | grep error ; lh
/var/log/httpd/error
drwx------  2 mylogger  www   512B Jun 18 17:05 error/
total 4
-rw-r--r--  1 mylogger  www     0B Jun 18 17:04 lock
-rw-r--r--  1 mylogger  www     0B Jun 18 17:05 state
-rwxr--r--  1 mylogger  www   304B Jun 18 17:05 processed*
-rw-r--r--  1 mylogger  www     0B Jun 18 17:05 current
with the resulting
s6-log: warning: unable to finish processed .s to logdir
/var/log/httpd/error: Operation not permitted
This is on a box that lacks development tools, so tracing will take some
time to sort out; sorry. :/
FreeBSD does have tweakable knobs to prevent seeing other uids or gids
which were enabled, but disabling made no difference (I thought we were
onto something for a minute there).
Cheers, Dewayne
Received on Tue Jun 18 2019 - 07:27:06 UTC
This archive was generated by hypermail 2.3.0
: Sun May 09 2021 - 19:44:19 UTC