ilogtail icon indicating copy to clipboard operation
ilogtail copied to clipboard

Published 20 hours ago verified publisher icon alibaba

[FEATURE]: support set file permission mask to file generated by ilogtail

Open yyuuttaaoo opened this issue 2 years ago • 0 comments

Concisely describe the proposed feature I would like the iLogtail logs and snapshots to be only readable by the admin or specific groups. The file permission should be controlled by a config key or an environment variable.

Describe the solution you'd like (if any) Add a config key named file_permission_mask which acts as the permission mask to umask. A typical umask should be 022, which results in all newly created files having 644 permission. The current implementation uses a hard-coded chmod to achieve this. Such implementation is neither flexible nor can control files created by plugins.

The proposed implementation uses umask function which set default file permission globally.

Additional comments An example config will be:

{
  "file_permission_mask": "077"
}

The result will be like:

-rw------- 1 root root      5904 Aug  1 09:42 ilogtail.LOG

yyuuttaaoo avatar Aug 01 '22 10:08 yyuuttaaoo

Use a wrapper script to do this.

yyuuttaaoo avatar Sep 02 '22 05:09 yyuuttaaoo