
out_file plugin should allow customizing permissions

Open mthebridge opened this issue 5 years ago • 4 comments

When using fluentd to write logs to disk using the out_file plugin, for certain sensitive logs, it would be good to be able to restrict the ownership and access of the files. At the moment, all output files are owned by the user fluentd runs as, and with default umask, so probably world-readable.

Ideally we'd be able to configure, for each file, the owner, group, and standard Unix permissions (e.g. 0600).

Environment information - fluentd 0.12, in docker container on CentOS 7.5.

mthebridge avatar Aug 31 '18 13:08 mthebridge

You can set file_permission in global system section. Note that this changes all generated files.

<system>
  file_permission 600
</system>

https://docs.fluentd.org/v1.0/articles/system-config#file_permission

repeatedly avatar Aug 31 '18 14:08 repeatedly

fluentd 0.12

Ah, I missed it. This feature is available since v1.

repeatedly avatar Aug 31 '18 14:08 repeatedly

Ah - thanks. But I want to set the permissions just for some files, not globally.

More specifically - I want to output logs to a file, but I want to output audit-type logs to a different file with more restrictive permissions. As far as I can tell, there's no way to do this right now.

mthebridge avatar Aug 31 '18 14:08 mthebridge

I tried <system> file_permission 600 </system>, but it changed only read and execute. Write is not set. fluentd in Docker, version 1.10.4-1.0.

oleg-filiutsich avatar May 29 '20 08:05 oleg-filiutsich
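
One way to check which mode the output files actually ended up with, as an added example that is not part of the original thread or of fluentd: a Python audit that lists regular files whose permission bits exceed an expected maximum such as 0600. The function names, directory layout and file names are assumptions, and the sample files are constructed.

```python
import os
import stat
import tempfile


def audit_log_modes(root, max_mode=0o600):
    """Return sorted (path, mode) pairs for regular files under root whose
    permission bits include anything max_mode does not allow."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: report on the entry itself, not a symlink target
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & ~max_mode:  # e.g. any group/other bit when max_mode is 0o600
                findings.append((path, mode))
    return sorted(findings)


def demo():
    """Build a constructed log directory and audit it against 0600."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample files: one world-readable, one strict, one group-readable.
        samples = {"app.log": 0o644, "audit.log": 0o600, "audit-old.log": 0o640}
        for name, mode in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample line\n")
            os.chmod(path, mode)  # explicit chmod, so the process umask does not apply
        return [(os.path.basename(p), oct(m)) for p, m in audit_log_modes(root)]


if __name__ == "__main__":
    for name, mode in demo():
        print(f"{mode} {name}")
```

Pointing `audit_log_modes` at the real output directory after a configuration change shows whether the files fluentd created match the intended mode.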