From: Joan Picanyol i Puig <lists-supervision@biaix.org>
To: "supervision@list.skarnet.org" <supervision@list.skarnet.org>
Subject: Re: A better method than daisy-chaining logging files?
Date: Tue, 18 Jun 2019 09:26:20 +0200 [thread overview]
Message-ID: <20190618072620.GA12330@grummit.biaix.org> (raw)
In-Reply-To: <a95105f3-8267-ec76-b494-26d46768fab1@heuristicsystems.com.au> <emdfede14a-17c4-47d6-98e1-609b50cf7666@elzian>
* Laurent Bercot <ska-supervision@skarnet.org> [20190618 08:22]:
> >FYI: The fifo queue permissions, which the jail sees
> >pr---w---- 1 mylogger www 0B May 31 13:27 apache24-error|
>
> Ah, so the www group is the one that writes to the fifo. Got it.
>
> Then you don't need mylogger to belong to the www group (and
> it's probably better for privilege separation that it doesn't),
> but you apparently need the logdir to belong to the primary group
> of the mylogger user. There is no reason for the logdir to belong
> to the www group.
>
> The error you got still strikes me as weird, and shouldn't happen
> unless you have strange permissions for the logdir itself, or
> FreeBSD is doing something wonky with gid checking.
He is nullfs mounting some of these directories, wonkyness might happen.
> For my peace of mind, I'd still like to see the permissions on your
> logdir, and a ktrace of the error.
* Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au> [20190618 09:16]:
> On the logger, the files, as requested are:
>
> # ls -lrth /var/log/httpd | grep error ; ls -lrth /var/log/httpd/error
> drwx------ 2 mylogger www 512B Jun 18 15:06 error/
> total 44
> -rw-r--r-- 1 mylogger www 0B Jun 18 15:06 state
> -rw-r--r-- 1 mylogger www 0B Jun 18 15:06 lock
> -rw-r--r-- 1 mylogger www 41K Jun 18 16:04 current
[...]
> -rw-r--r-- 1 mylogger www 0B Jun 18 15:06 lock
> -rwxr--r-- 1 mylogger www 2.7K Jun 18 16:59 @400000005d088c11012cc9f4.s*
> -rw-r--r-- 1 mylogger www 0B Jun 18 17:03 state
> -rw-r--r-- 1 mylogger www 0B Jun 18 17:03 current
> -rwxr--r-- 1 mylogger www 64B Jun 18 17:03 @400000005d088cd6113d5a5c.s*
>
[...]
> # s6-svc -a /run/scan/apache24-error-log
> # lh /var/log/httpd | grep error ; lh
> /var/log/httpd/error
> drwx------ 2 mylogger www 512B Jun 18 17:05 error/
> total 4
> -rw-r--r-- 1 mylogger www 0B Jun 18 17:04 lock
> -rw-r--r-- 1 mylogger www 0B Jun 18 17:05 state
> -rwxr--r-- 1 mylogger www 304B Jun 18 17:05 processed*
> -rw-r--r-- 1 mylogger www 0B Jun 18 17:05 current
Include -a to your ls flags, to show the directory's permissions for
completeness.
> with the resulting
> s6-log: warning: unable to finish processed .s to logdir
> /var/log/httpd/error: Operation not permitted
>
> This is on a box that lacks development tools, so tracing will take some
> time to sort out; sorry. :/
Just add
ktrace -id -f /var/tmp/s6-log.trace
before your s6-log invocation and send the output of
kdump -f /var/tmp/s6-log.trace
afterwards.
qvb
--
pica
next prev parent reply other threads:[~2019-06-18 7:26 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-31 5:24 Dewayne Geraghty
2019-05-31 9:22 ` Laurent Bercot
2019-05-31 12:52 ` Brett Neumeier
2019-06-17 6:25 ` Dewayne Geraghty
2019-06-17 17:58 ` Laurent Bercot
2019-06-17 22:15 ` Dewayne Geraghty
2019-06-18 6:35 ` Laurent Bercot
2019-06-18 7:27 ` Dewayne Geraghty
2019-06-18 7:26 ` Joan Picanyol i Puig [this message]
2019-06-18 7:48 ` Dewayne Geraghty
2019-06-18 20:52 ` Joan Picanyol i Puig
2019-06-19 7:05 ` Dewayne Geraghty
2019-06-20 6:09 ` Laurent Bercot
2019-06-18 7:53 ` Dewayne Geraghty
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190618072620.GA12330@grummit.biaix.org \
--to=lists-supervision@biaix.org \
--cc=supervision@list.skarnet.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).