Why do I have accesslog file set to /dev/null? This seems to be the only sane way to get gunicorn to not print access log to stdout/stderr yet still send it to syslog (with accesslog file not set at all accesslog doesn't go to syslog, tested on 19.3 and 19.4).
This used to work in 19.3, d922df3 changed it.
Please let me know if it's expected for /dev/null to not work as accesslog file.
The actual error:
Traceback (most recent call last):
File "/env/bin/gunicorn", line 11, in <module>
File "/env/lib/python2.7/site-packages/gunicorn/app/wsgiapp.py", line 74, in run
WSGIApplication("%(prog)s [OPTIONS] [APP_MODULE]").run()
File "/env/lib/python2.7/site-packages/gunicorn/app/base.py", line 192, in run
File "/env/lib/python2.7/site-packages/gunicorn/app/base.py", line 72, in run
File "/env/lib/python2.7/site-packages/gunicorn/arbiter.py", line 61, in __init__
File "/env/lib/python2.7/site-packages/gunicorn/arbiter.py", line 94, in setup
self.log = self.cfg.logger_class(app.cfg)
File "/env/lib/python2.7/site-packages/gunicorn/glogging.py", line 178, in __init__
File "/env/lib/python2.7/site-packages/gunicorn/glogging.py", line 192, in setup
File "/env/lib/python2.7/site-packages/gunicorn/glogging.py", line 341, in _set_handler
os.chown(h.baseFilename, self.cfg.user, self.cfg.group)
OSError: [Errno 1] Operation not permitted: '/dev/null'
Edit 2: this is running as non-root user
but what are the permissions of /dev/null ? Normally anyone should have access to it...
[~] ls -fla /dev/null 11:49:21
crw-rw-rw- 1 root 3, 2 Dec 4 11:49 /dev/null
Writing is fine, it's trying to chown it while running as a non-root user that's the issue.
oh right. Actually I am thinking we should check if the user has enough permission to write on an existing file. I will make such changes tomorrow.
Always send access log to syslog if syslog is on
Okay, there are actually two issues described here:
While the title describes the first of these, I think that's not actually an issue. I believe should fail to start if it cannot open the access log.
If we fix the second issue, then there is no need to pass /dev/null to enable the access logging in syslog. I have placed this fix on a branch for review: https://github.com/benoitc/gunicorn/compare/1157-access-syslog?expand=1
@tilgovi just commented your fix. Let's merge it, then check if we still need some action there.
Done in 2f8e750
Thank you @tilgovi and @benoitc, this does indeed fix the "the --access-logfile option is needed to get access logs into syslog" issue.
I'm still somewhat of an opinion that setting a log file to /dev/null (or any other file that an application can write to but can't chown) should work regardless but I'll leave it to you to decide whether to close this issue.
check auth before trying to own a file
@jstasiak check #1167 it should fix this issue. Let me know
Thank you @tilgovi and @benoitc, the issue is resolved!