m2 icon indicating copy to clipboard operation
m2 copied to clipboard
verified publisher icon CCI-MOC

permission issues when writing to logs

Open naved001 opened this issue 7 years ago • 5 comments

We open the permissions of /var/log/bmi/ims.log so non-root users can also run bmi commands. But quite often, the permissions change and people are unable to run bmi commands. @VijayalakshmiVJ

naved001 avatar Mar 28 '18 18:03 naved001

Hi @VijayalakshmiVJ any updates on this?

naved001 avatar Apr 13 '18 14:04 naved001

Hey Naved,

I didn't realize I had this issue too. I seem to have missed reading this mail. I apologize! Iam uploading the other issue for review today. I have a big project submission this Sunday. I'll get cracking at this issue on Sunday after that and ensure we have a solution latest by Monday/Tuesday. I apologise again..:(

Regards, VJ

On Fri, Apr 13, 2018, 10:55 AM Naved Ansari [email protected] wrote:

Hi @VijayalakshmiVJ https://github.com/VijayalakshmiVJ any updates on this?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/CCI-MOC/ims/issues/163#issuecomment-381161848, or mute the thread https://github.com/notifications/unsubscribe-auth/AgT5CFt-mBn_JO_-QISb96uqsFd4rIkEks5toLx4gaJpZM4S_Ks_ .

VijayalakshmiVJ avatar Apr 13 '18 16:04 VijayalakshmiVJ

I debugged the issue of file rollover as mentioned, and found out that with in logging.handlers we were using RotatingFileHandler which by default produces a new file with default permissions 644 by using _open, thus I made changes in /usr/lib64/python2.7/logging/handlers.py to create files with open permissions :

def doRollover(self):
    """
    Do a rollover, as described in __init__().
    """

    if self.stream:
        self.stream.close()
        self.stream = None
    if self.backupCount > 0:
        for i in range(self.backupCount - 1, 0, -1):
            sfn = "%s.%d" % (self.baseFilename, i)
            dfn = "%s.%d" % (self.baseFilename, i + 1)
            if os.path.exists(sfn):
                #print "%s -> %s" % (sfn, dfn)
                if os.path.exists(dfn):
                    os.remove(dfn)
                os.rename(sfn, dfn)
        dfn = self.baseFilename + ".1"
        if os.path.exists(dfn):
            os.remove(dfn)
        os.rename(self.baseFilename, dfn)
        #print "%s -> %s" % (self.baseFilename, dfn)
    self.stream = self._open1()
**def _open1(self):
     prevumask=os.umask(0o000)
     #os.fdopen(os.open('/path/to/file', os.O_WRONLY, 0600))
     retcall=logging.handlers.RotatingFileHandler._open(self)
     os.system("chmod 777 /var/log/bmi/ims.log")
     os.umask(prevumask)
     return retcall**

I know its not the best way to go about it but it does the work. Kindly let me know your thoughts on this.

Regards, Mihir

mihirborkar avatar May 10 '18 18:05 mihirborkar

I think the best solution is to actually separate the client and the server, and then the bmi user which runs the server will have appropriate permissions.

naved001 avatar Oct 17 '18 13:10 naved001

As bmi server runs as root for now, as a quick fix we can force it to set permissions to the log files upon create/rollover.

apoorvemohan avatar Oct 17 '18 13:10 apoorvemohan