You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Cliff Woolley <jw...@wlu.edu> on 2000/02/01 20:42:13 UTC

rotatelogs file permissions?

Hello all.

   I don't know if this has been discussed before -- if it has, please
point me at the applicable messages.  I couldn't find anything about it
in the CVS history, so I assume no one has ever brought it up.

  I just started using rotatelogs from src/support, and noticed that it
does its open() with initial file permissions for the logs set to 0666. 
Why is that?  I'd have assumed it would be 0644.  I changed mine to 0644
in the source and recompiled and it works fine...  <shrug>  As far as I
can tell, it's been 0666 ever since rotatelogs was introduced.

Thoughts?

--Cliff

Cliff Woolley
Central Systems Software Administrator
Washington and Lee University
http://www.wlu.edu/~jwoolley/

Work: (540) 463-8089
Pager: (540) 462-2303

Re: rotatelogs file permissions?

Posted by Martin Pool <mb...@linuxcare.com>.

On Tue, Feb 01, 2000 at 02:42:13PM -0500, Cliff Woolley wrote:

>   I just started using rotatelogs from src/support, and noticed that it
> does its open() with initial file permissions for the logs set to 0666. 

This is a pretty common idiom on unix: the assumption is that the user
has set their umask appropriately, and so giving maximum permission in
the open() gives the maximum flexibility to the user.  It's not
unreasonable, for example, that on some systems the logs might be
group-writable if there are several web servers installed.  

The only time when a program should use lower permissions is if it
requires the file to be restricted, such as an OpenSSH private-key
file, where 0600 would be OK.

Of course, the percentage of Red Hat users who know what umask is is
falling every month. :-)

> Why is that?  I'd have assumed it would be 0644.  I changed mine to 0644
> in the source and recompiled and it works fine...  <shrug>  As far as I
> can tell, it's been 0666 ever since rotatelogs was introduced.

Having said that it would be a bit hard to set the umask for the log
script alone, which is really what you want.

Perhaps a patch to add an option to set this would be accepted.  For
consistency with GNU, it might be good to make it

  -m, --mode=MODE   set permission mode (as in chmod), not rw-rw-rw- - umask

--  
Martin Pool, Guy from Queensland, Linuxcare, Inc.
+61 2 6262 8990
mbp@linuxcare.com, http://www.linuxcare.com/
Linuxcare. At the center of Linux.

Re: rotatelogs file permissions?

Posted by Manoj Kasichainula <ma...@io.com>.

I forget if someone responded to this or not. Just in case...

On Tue, Feb 01, 2000 at 02:42:13PM -0500, Cliff Woolley wrote:
>   I just started using rotatelogs from src/support, and noticed that it
> does its open() with initial file permissions for the logs set to 0666. 
> Why is that?

The permissions given to open() have the umask bits shut off, so it
shouldn't matter.