fluentd icon indicating copy to clipboard operation
fluentd copied to clipboard
verified publisher icon fluent

System config: add umask option

Open daipom opened this issue 10 months ago • 5 comments

Is your feature request related to a problem? Please describe.

Some users need to change umask. Example:

  • #4810

Currently, we have to use the command line option --umask. It is inconvenient for the service or container image.

Describe the solution you'd like

Add umask option to the System config.

Describe alternatives you've considered

Without this option in System config, we can customize the command line options like https://github.com/fluent/fluentd/issues/4810#issuecomment-2629720905, but it is inconvenient.

Additional context

No response

daipom avatar Feb 03 '25 02:02 daipom

It would be necessary for us to handle the following PR first:

  • #4836

daipom avatar Feb 21 '25 09:02 daipom

@daipom can i work on this

blazethunderstorm avatar Jun 30 '25 22:06 blazethunderstorm

@blazethunderstorm Thanks! Sure!

daipom avatar Jul 01 '25 02:07 daipom

https://github.com/fluent/fluentd/issues/4822#issuecomment-2693107945

I have found that this issue is a little complicated. Let me summarize this issue.

  • Before #4836, the files created by Fluentd are basically affected by the system's default umask value.
    • You can set those permissions by file_permission, but they are affected by the umask value as well.
    • Fluentd has --umask command line option, but it only worked when using --no-supervisor.
  • After #4836, --umask command line option works when using --daemon as well.
    • In addition, when using --daemon, the default umask value becomes 0. So file_permission setting should now be fully applied.
    • --daemon:
      • This is true if you use fluent-package (or td-agent).
      • If you use the Docker images, this is not true. So #4836 is not relevant. We need another workaround.
  • #4829:
    • It is great to allow that setting in system-config as well as in command line options.
    • However, if #4836 does not solve your issue (For example, you are using Docker images, etc.), it will not solve your issue.

daipom avatar Oct 10 '25 10:10 daipom

https://github.com/fluent/fluentd/issues/4810#issuecomment-2674030900

  • ..., it would not work for Fluentd Docker images.
    • In ServerEngine, it appears that the umask value is applied only when using daemonize.
    • So, it would work for fluent-package, but not for Docker images.

I wonder why ServerEngine has such specifications. Is there any reason why an application should not change umask if it does not run as a daemon? If there is no particular reason, then we could fix ServerEngine to solve this issue.

Or is it possible to change umask on the container environment?

daipom avatar Oct 10 '25 10:10 daipom