Re: A better method than daisy-chaining logging files?

supervision - discussion about system services, daemon supervision, init, runlevel management, and tools such as s6 and runit
 help / color / mirror / Atom feed

From: "Laurent Bercot" <ska-supervision@skarnet.org>
To: "supervision@list.skarnet.org" <supervision@list.skarnet.org>
Subject: Re: A better method than daisy-chaining logging files?
Date: Tue, 18 Jun 2019 06:35:48 +0000	[thread overview]
Message-ID: <emdfede14a-17c4-47d6-98e1-609b50cf7666@elzian> (raw)
In-Reply-To: <6b30c85a-b49b-d7ed-f5a8-ba9ad54d421f@heuristicsystems.com.au>

>FYI: The fifo queue permissions, which the jail sees
>pr---w----  1 mylogger  www     0B May 31 13:27 apache24-error|

Ah, so the www group is the one that writes to the fifo. Got it.

Then you don't need mylogger to belong to the www group (and
it's probably better for privilege separation that it doesn't),
but you apparently need the logdir to belong to the primary group
of the mylogger user. There is no reason for the logdir to belong
to the www group.

The error you got still strikes me as weird, and shouldn't happen
unless you have strange permissions for the logdir itself, or
FreeBSD is doing something wonky with gid checking. For my peace
of mind, I'd still like to see the permissions on your logdir,
and a ktrace of the error.

--
Laurent

next prev parent reply	other threads:[~2019-06-18  6:35 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-05-31  5:24 Dewayne Geraghty
2019-05-31  9:22 ` Laurent Bercot
2019-05-31 12:52   ` Brett Neumeier
2019-06-17  6:25     ` Dewayne Geraghty
2019-06-17 17:58       ` Laurent Bercot
2019-06-17 22:15         ` Dewayne Geraghty
2019-06-18  6:35           ` Laurent Bercot [this message]
2019-06-18  7:27             ` Dewayne Geraghty
2019-06-18  7:26         ` Joan Picanyol i Puig
2019-06-18  7:48           ` Dewayne Geraghty
2019-06-18 20:52             ` Joan Picanyol i Puig
2019-06-19  7:05               ` Dewayne Geraghty
2019-06-20  6:09                 ` Laurent Bercot
2019-06-18  7:53           ` Dewayne Geraghty

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=emdfede14a-17c4-47d6-98e1-609b50cf7666@elzian \
    --to=ska-supervision@skarnet.org \
    --cc=supervision@list.skarnet.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).