Logs lose permissions after rotation

[tomalok]

alpine@m0:~$ ls -l /var/log/docker.log*
-rw-------    1 root     root       4958249 Nov 29 04:35 /var/log/docker.log
-rw-r--r--    1 root     docker    10485892 Nov 20 20:44 /var/log/docker.log.20201120204416
-rw-------    1 root     root      10823084 Nov 29 02:42 /var/log/docker.log.20201129024242

The init.d script sets the initial mode & ownership, but that's not persisted going forward.

It would be nice if either...

• log_proxy would preserve the original mode/ownership
  ...or...
• log_proxy could be provided options to set mode/ownership

[thefab]

it makes perfectly sense! let's fix that!

[thefab]

note: the option to change ownership can work only for the root user

[thefab]

I have an implementation with this new option:

  -c, --chmod               if set, chmod the logfile to this octal value (0700 for example)

@tomalok it would be ok for you?

[tomalok]

While an explicit --chmod is welcome, it doesn't address/solve the ownership issue (in my case, root:docker; FWIW, I haven't take a close look at the PR yet so I don't know offhand if a solution is in there).

I think an implicit solution might be a little easier to do... That is, when logs are rotated, log_proxy would stat the old log file and then TRY to chmod and chown the new log file to be the same. If the user that log_proxy is running as does not have sufficient privileges to set either the mode or the ownership (i.e. the chmod or chown fails) that's okay, and move along (maybe emit a warning somewhere).

[thefab]

Yes, the PR is only a beginning about permissions.

I don't like the implicit solution because the final result depends on original state. IMHO, it would be perfectly ok for a stateful thing like a database. But here with logs, I don't like the fact that if you clean your log directory (which sounds ok at any time), you will get some different results about permissions and ownership.

So i'm going to introduce a "best effort" explicit chown option.

[thefab]

new options introduced in the PR:

+    { "chmod", 'c', 0, G_OPTION_ARG_STRING, &chmod_str, "if set, chmod the logfile to this octal value (0700 for example)", NULL },
+    { "chown", 'o', 0, G_OPTION_ARG_STRING, &chown_str, "if set, try (if you don't have sufficient privileges, it will fail silently) to change the owner of the logfile to the given user value", NULL },
+    { "chgrp", 'g', 0, G_OPTION_ARG_STRING, &chgrp_str, "if set, try (if you don't have sufficient privileges, it will fail silently) to change the group of the logfile to the given group value", NULL }

@tomalok: ok for your use-case ?

[tomalok]

@thefab that should do the trick for me.

[thefab]

@tomalok 0.4 is out ;-)