fluentd
fluentd copied to clipboard
out_file plugin should allow customizing permissions
When using fluentd to write logs to disk using out_fule
plugin, for certain sensitive logs, it would be good to be able to restrict the ownership and access of the files. At the moment, all output files are owned by the user fluentd runs as, and with default umask, so probably world-readable.
Ideally we'd be to be able to configure for each file, the owner, group, and standard Unix permissions (eg 0600).
Environment information - fluentd 0.12, in docker container on CentOS 7.5.
You can set file_permission in global system
section.
Note that this changes all generated files.
<system>
file_permission 600
</system>
https://docs.fluentd.org/v1.0/articles/system-config#file_permission
fluentd 0.12
Ah, I missed it. This feature is since v1
Ah - thanks. But I want to set the permissions just for some files, not globally.
More specifically - I want to output logs to a file, but i want to output audit-type logs to a different file with more restrictive permissions. As far as I can tell, there's no way to do this right now.
I tried
<system> file_permission 600 </system>
but changed only read and execute. write not set.
fluentd in docker with ver 1.10.4-1.0