From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/2636
Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail
From: Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au>
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: Re: A better method than daisy-chaining logging files?
Date: Tue, 18 Jun 2019 17:27:06 +1000
Message-ID: <a95105f3-8267-ec76-b494-26d46768fab1@heuristicsystems.com.au>
References: <16c909e2-9b84-63c8-7c60-380befe28f01@heuristicsystems.com.au>
 <em7988d39c-b7f1-4c41-8413-be91240e0c52@elzian>
 <CAGSetNuDw_Uy_2x-r-Oj4XGEXbeBzg5vg0dH0y-pC4_OU+Lgbw@mail.gmail.com>
 <8447f17e-0960-196d-bdf5-64a3d203cff0@heuristicsystems.com.au>
 <em673139b5-4f09-4e29-8ff2-68a29299ea0b@elzian>
 <6b30c85a-b49b-d7ed-f5a8-ba9ad54d421f@heuristicsystems.com.au>
 <emdfede14a-17c4-47d6-98e1-609b50cf7666@elzian>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226";
	logging-data="115254"; mail-complaints-to="usenet@blaine.gmane.org"
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101
 Thunderbird/60.7.1
To: Laurent Bercot <ska-supervision@skarnet.org>,
        "supervision@list.skarnet.org" <supervision@list.skarnet.org>
Original-X-From: supervision-return-2226-gcsg-supervision=m.gmane.org@list.skarnet.org Tue Jun 18 09:28:15 2019
Return-path: <supervision-return-2226-gcsg-supervision=m.gmane.org@list.skarnet.org>
Envelope-to: gcsg-supervision@m.gmane.org
Original-Received: from alyss.skarnet.org ([95.142.172.232])
	by blaine.gmane.org with smtp (Exim 4.89)
	(envelope-from <supervision-return-2226-gcsg-supervision=m.gmane.org@list.skarnet.org>)
	id 1hd8XN-000Tp5-E9
	for gcsg-supervision@m.gmane.org; Tue, 18 Jun 2019 09:28:14 +0200
Original-Received: (qmail 3977 invoked by uid 89); 18 Jun 2019 07:28:38 -0000
Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm
Original-Sender: <supervision@list.skarnet.org>
Precedence: bulk
List-Post: <mailto:supervision@list.skarnet.org>
List-Help: <mailto:supervision-help@list.skarnet.org>
List-Unsubscribe: <mailto:supervision-unsubscribe@list.skarnet.org>
List-Subscribe: <mailto:supervision-subscribe@list.skarnet.org>
List-Id: <supervision.list.skarnet.org>
Original-Received: (qmail 3970 invoked from network); 18 Jun 2019 07:28:37 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
	d=heuristicsystems.com.au; s=hsa; t=1560842827; x=1561447628;
	bh=Yw+PbetbgarKdfX+uqhjVD8gufbU+ElYgtcDDj3Sbqw=;
	h=Subject:To:From:Message-ID:Date;
	b=B6HRZ/wY9Hl4JyqayWfUZmLWWFW1PaxLLIQaMbJwxBggVZqBOuxNY4DOmQhqy6+jr
	 0CIDOVWE9kGqgD5nS5BdaFFSXR+zhQs70Ht5G32kpUmWL7LwLgPWbDjJrhfUnenDTk
	 PMW8Joz0F/Z5Zkj634sB6IPkYdFyiYEUvbyrmVQJsriZhnL0MtkHo
X-Authentication-Warning: b3.hs: Host noddy.hs [10.0.5.3] claimed to be [10.0.5.3]
Openpgp: preference=signencrypt
In-Reply-To: <emdfede14a-17c4-47d6-98e1-609b50cf7666@elzian>
Content-Language: en-AU
Xref: news.gmane.org gmane.comp.sysutils.supervision.general:2636
Archived-At: <http://permalink.gmane.org/gmane.comp.sysutils.supervision.general/2636>

Sure.  I don't think the permissions are particularly weird? ;)

Remember we're effectively talking about two VM's one running apache and
the other being a log recipient, so priv's aren't a big deal in this
latter's context.  On the logger, the files, as requested are:

# ls -lrth /var/log/httpd | grep error ; ls -lrth  /var/log/httpd/error
drwx------  2 mylogger  www   512B Jun 18 15:06 error/
total 44
-rw-r--r--  1 mylogger  www     0B Jun 18 15:06 state
-rw-r--r--  1 mylogger  www     0B Jun 18 15:06 lock
-rw-r--r--  1 mylogger  www    41K Jun 18 16:04 current

When I send
s6-svc -a /run/scan/apache24-error-log
the processor does its job correctly.

And while the systems are all running, and simply remove mylogger from
the www group, then sending an alarm to the service works correctly.

-rw-r--r--  1 mylogger  www     0B Jun 18 15:06 lock
-rwxr--r--  1 mylogger  www   2.7K Jun 18 16:59 @400000005d088c11012cc9f4.s*
-rw-r--r--  1 mylogger  www     0B Jun 18 17:03 state
-rw-r--r--  1 mylogger  www     0B Jun 18 17:03 current
-rwxr--r--  1 mylogger  www    64B Jun 18 17:03 @400000005d088cd6113d5a5c.s*

However when I remove mylogger from the www group and restart (into a
relatively pristine test environment), it all works well but we return
to the original problem:

# s6-svc -a /run/scan/apache24-error-log
                             # lh /var/log/httpd | grep error ; lh
/var/log/httpd/error
drwx------  2 mylogger  www   512B Jun 18 17:05 error/
total 4
-rw-r--r--  1 mylogger  www     0B Jun 18 17:04 lock
-rw-r--r--  1 mylogger  www     0B Jun 18 17:05 state
-rwxr--r--  1 mylogger  www   304B Jun 18 17:05 processed*
-rw-r--r--  1 mylogger  www     0B Jun 18 17:05 current

with the resulting
s6-log: warning: unable to finish processed .s to logdir
/var/log/httpd/error: Operation not permitted

This is on a box that lacks development tools, so tracing will take some
time to sort out; sorry. :/

FreeBSD does have tweakable knobs to prevent seeing other uids or gids
which were enabled, but disabling made no difference (I thought we were
onto something for a minute there).
Cheers, Dewayne