From: Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au>
To: Laurent Bercot <ska-supervision@skarnet.org>,
"supervision@list.skarnet.org" <supervision@list.skarnet.org>
Subject: Re: A better method than daisy-chaining logging files?
Date: Tue, 18 Jun 2019 17:27:06 +1000 [thread overview]
Message-ID: <a95105f3-8267-ec76-b494-26d46768fab1@heuristicsystems.com.au> (raw)
In-Reply-To: <emdfede14a-17c4-47d6-98e1-609b50cf7666@elzian>
Sure. I don't think the permissions are particularly weird? ;)
Remember we're effectively talking about two VM's one running apache and
the other being a log recipient, so priv's aren't a big deal in this
latter's context. On the logger, the files, as requested are:
# ls -lrth /var/log/httpd | grep error ; ls -lrth /var/log/httpd/error
drwx------ 2 mylogger www 512B Jun 18 15:06 error/
total 44
-rw-r--r-- 1 mylogger www 0B Jun 18 15:06 state
-rw-r--r-- 1 mylogger www 0B Jun 18 15:06 lock
-rw-r--r-- 1 mylogger www 41K Jun 18 16:04 current
When I send
s6-svc -a /run/scan/apache24-error-log
the processor does its job correctly.
And while the systems are all running, and simply remove mylogger from
the www group, then sending an alarm to the service works correctly.
-rw-r--r-- 1 mylogger www 0B Jun 18 15:06 lock
-rwxr--r-- 1 mylogger www 2.7K Jun 18 16:59 @400000005d088c11012cc9f4.s*
-rw-r--r-- 1 mylogger www 0B Jun 18 17:03 state
-rw-r--r-- 1 mylogger www 0B Jun 18 17:03 current
-rwxr--r-- 1 mylogger www 64B Jun 18 17:03 @400000005d088cd6113d5a5c.s*
However when I remove mylogger from the www group and restart (into a
relatively pristine test environment), it all works well but we return
to the original problem:
# s6-svc -a /run/scan/apache24-error-log
# lh /var/log/httpd | grep error ; lh
/var/log/httpd/error
drwx------ 2 mylogger www 512B Jun 18 17:05 error/
total 4
-rw-r--r-- 1 mylogger www 0B Jun 18 17:04 lock
-rw-r--r-- 1 mylogger www 0B Jun 18 17:05 state
-rwxr--r-- 1 mylogger www 304B Jun 18 17:05 processed*
-rw-r--r-- 1 mylogger www 0B Jun 18 17:05 current
with the resulting
s6-log: warning: unable to finish processed .s to logdir
/var/log/httpd/error: Operation not permitted
This is on a box that lacks development tools, so tracing will take some
time to sort out; sorry. :/
FreeBSD does have tweakable knobs to prevent seeing other uids or gids
which were enabled, but disabling made no difference (I thought we were
onto something for a minute there).
Cheers, Dewayne
next prev parent reply other threads:[~2019-06-18 7:27 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-31 5:24 Dewayne Geraghty
2019-05-31 9:22 ` Laurent Bercot
2019-05-31 12:52 ` Brett Neumeier
2019-06-17 6:25 ` Dewayne Geraghty
2019-06-17 17:58 ` Laurent Bercot
2019-06-17 22:15 ` Dewayne Geraghty
2019-06-18 6:35 ` Laurent Bercot
2019-06-18 7:27 ` Dewayne Geraghty [this message]
2019-06-18 7:26 ` Joan Picanyol i Puig
2019-06-18 7:48 ` Dewayne Geraghty
2019-06-18 20:52 ` Joan Picanyol i Puig
2019-06-19 7:05 ` Dewayne Geraghty
2019-06-20 6:09 ` Laurent Bercot
2019-06-18 7:53 ` Dewayne Geraghty
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a95105f3-8267-ec76-b494-26d46768fab1@heuristicsystems.com.au \
--to=dewayne.geraghty@heuristicsystems.com.au \
--cc=ska-supervision@skarnet.org \
--cc=supervision@list.skarnet.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).