Explicitly set permissions for logfiles to default permissions (777)

[Ikke]

On my machine, the permissions of the logfiles that are created are very restrictive (u+rw), so explicitly set them to self::$_defaultPermissions.

[katzgrau]

Probably not secure

[ebaschiera]

+1 for the self::$_defaultPermissions
Can you please explain why it's not secure? I work with Magento and it too sets log files to 777.
In my use case, I have some scripts ran by root and a web application that runs as www-data. So they cannot share log files, because those files created by root are not writable by www-data.
Thanks in advance!

[katzgrau]

My reasoning was (probably, I can't remember) that if the log directly already exists, why try and override with every single instance of KLogger? If it didn't already exist, then it may make sense to set default permissions, and even then I'm not convinced.

I guess I can see the sharing scenario, but wouldn't it really make more sense to have this managed by a deployment script? Or you could add the log directory, webserver, and secondary application to a group of users with writable access.

Log files can contain sensitive data, and if the log directory already exists, just chmod-ing to 777 doesn't seem to be in the application's best interests.

Perhaps a constructor option to set default permissions (or override) would be a better idea.

[ebaschiera]

Thanks for your explanation, but I think you misunderstood my request. I was talking about files, not directories. I agree with you that existing directories should not be modified, anyway when a new logfile is created, I would like it to be with 777, so multiple users can write into it.
In the meantime I realized that a possible workaround for me would be to play with users and groups (I have a script running as root because it needs usb hardware access, then I have a web application running as www-data).
Thanks!