Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

passenger-config reopen-logs fails with permission denied #1452

Closed
NeoPhi opened this issue Mar 24, 2015 · 10 comments

Comments

Projects
None yet
5 participants
@NeoPhi
Copy link

commented Mar 24, 2015

/usr/bin/passenger-config --version
Phusion Passenger 5.0.5

sudo /usr/bin/passenger-config reopen-logs

Reopening logs for PassengerAgent watchdog
Reopening logs for PassengerAgent server
Reopening logs for PassengerAgent logger
*** An error occured while communicating with the PassengerAgent logger (code 500):
Cannot reopen log file /var/log/nginx/error.log: Permission denied (errno=13)

@FooBarWidget

This comment has been minimized.

Copy link
Member

commented Mar 24, 2015

This is because PassengerAgent logger is running as 'nobody', and thus cannot reopen the log file for writing.

@FooBarWidget

This comment has been minimized.

Copy link
Member

commented Mar 24, 2015

But rest assured. The watchdog and the server did succeed in reopening the log file, and those two are the processes that do most of the logging.

@NeoPhi

This comment has been minimized.

Copy link
Author

commented Mar 24, 2015

Looks like using the "passenger_default_user username" or "passenger_default_group group name" to something that is allowed access to the log may address the issue until #1279 is available. Thank you.

@NeoPhi NeoPhi closed this Mar 24, 2015

@FooBarWidget FooBarWidget reopened this Mar 24, 2015

@FooBarWidget

This comment has been minimized.

Copy link
Member

commented Mar 24, 2015

#1279 is not related to this issue. Setting passenger_default_username/group also won't affect this problem.

For this problem, you need to set passenger_analytics_log_user and passenger_analytics_log_group to some username/group name that has write access to your nginx error log.

@NeoPhi

This comment has been minimized.

Copy link
Author

commented Mar 24, 2015

Do you have a reference for that configuration parameter. I don't see it listed at:
https://www.phusionpassenger.com/documentation/Users%20guide%20Nginx.html

@mtalcott

This comment has been minimized.

Copy link

commented Mar 30, 2015

We just wasted a lot of time trying to come up with a workaround for this issue. I appreciate the info about passenger_analytics_log_user and passenger_analytics_log_group, @FooBarWidget. I haven't seen those mentioned anywhere else.

When will this be added to the documentation? This seems like an issue that a lot of people could be coming across. For us, it prevented passenger from even launching our Rails app..

@CrossTheStreams

This comment has been minimized.

Copy link

commented Mar 30, 2015

@FooBarWidget, just piling on that passenger_analytics_log_user should definitely be added to the Passenger+nginx documentation. Missing this wasted a lot of time for us.

@FooBarWidget

This comment has been minimized.

Copy link
Member

commented Mar 30, 2015

Sorry about that.

I'm hoping to make this better by having the PassengerAgent logger inherit the log file handle from the parent process instead. That way there will be no need to tweak passenger_analytics_log_user, and everything would work automatically. First I'll need to implement sending Unix socket auxiliary messages over HTTP, as per #1392.

@OnixGH OnixGH added the Enhancement label Apr 30, 2015

FooBarWidget added a commit that referenced this issue May 16, 2015

Allow re-inheriting the log file's file descriptor from the watchdog …
…to the server agent and the logging agent

This makes it possible to implement log file reopening, without
needing all processes to be able to open the log file for writing.
Only the Watchdog needs to be able to open it.

Closes GH-1452.

@FooBarWidget FooBarWidget added this to the 5.0.10 milestone May 16, 2015

@FooBarWidget FooBarWidget self-assigned this May 16, 2015

@FooBarWidget

This comment has been minimized.

Copy link
Member

commented May 16, 2015

This improvement has been implemented in the GH-1452 branch. It is a candidate for merging into master. If all goes well, it'll land in version 5.0.10.

@FooBarWidget

This comment has been minimized.

Copy link
Member

commented May 16, 2015

To clarify: reopening logs is now implemented by making only the Watchdog reopen the logs, while making all the other processes re-inherit the log file's file handle from the Watchdog. This way, a reopen-logs command no longer requires all processes to be able to open the log file for writing. If the Watchdog can open it (which it usually can), then that's enough. This makes passenger-config reopen-logs work correctly out-of-the-box, without requiring any configuration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.