On Wed, Oct 23, 2019 at 01:27:24PM +1100, Dewayne Geraghty wrote:
> Is there any way to tell s6-log to set the mode to ./current to
> something other than 644?  640 is preferred?
> For example: I write to the logdir /var/log/httpd/error which has privs:
> /var/log/http
> drwx------  2 uucp  uucp   1.0K Oct 23 12:37 error/
> Within /var/log/httpd/error
> -rwxr--r--  1 uucp  uucp   190K Oct 23 12:37 @400000005dafaf1b180d862c.s*
> -rw-r-----  1 uucp  uucp     0B Oct 23 12:37 state
> -rw-r--r--  1 uucp  uucp     0B Oct 23 12:37 current
> I did try umask 037 but that just broke the pipe.
> All my log files are of this form
> #!/usr/local/bin/execlineb -P
> s6-setuidgid uucp
> redirfd -r 0 /services/ntp/fifo
> /usr/local/bin/s6-log -b n28 r7000 s200000 S7000000 !"/usr/bin/xz -7q"
> /var/log/ntpd
> This is a big deal as I'm about to move my audit processing under s6-rc.
> (Aside: Actually I write to a fifo and then redirfd for s6-log to pick
> up the content and manage the log files.  All works very nicely :) )

I know it isn't sexy but directory restrictions are good enough in this
situation. In your case, only the uucp user is allowed to descend into
that directory to start with so as long as that guarantee stays in place
the file permissions shouldn't matter. In fact, 640 is *more* permissive
than the parent directory due to the ability for accounts in the uucp
group to observe the file, even if they can't get to the directory to do

Colin Booth
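Added example, not part of either message above: a mode-bit walk showing why a 0700 logdir makes the 644-versus-640 choice on `./current` irrelevant, and when it starts to matter. The function names, the temporary directory layout and the three hypothetical accounts are constructed for illustration; ACLs, root and capabilities are ignored.

```python
import os
import shutil
import tempfile

def class_bits(st, uid, gids):
    """Return the rwx triplet (0-7) that applies to this account for one inode."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def can_read(path, top, uid, gids):
    """Need search (x) on every directory from `top` down, then read (r) on the file."""
    path, top = os.path.realpath(path), os.path.realpath(top)
    rel = os.path.relpath(os.path.dirname(path), top)
    dirs = [top]
    if rel != ".":
        for part in rel.split(os.sep):
            dirs.append(os.path.join(dirs[-1], part))
    for d in dirs:
        if not class_bits(os.stat(d), uid, gids) & 1:
            return False  # cannot descend, so the file's own mode is never consulted
    return bool(class_bits(os.stat(path), uid, gids) & 4)

def demo():
    """Constructed layout mirroring the thread: a logdir holding ./current."""
    base = tempfile.mkdtemp()
    logdir = os.path.join(base, "error")
    os.mkdir(logdir)
    current = os.path.join(logdir, "current")
    open(current, "w").close()
    st = os.stat(current)
    accounts = [(st.st_uid, {st.st_gid}),          # owner
                (st.st_uid + 1, {st.st_gid}),      # hypothetical group member
                (st.st_uid + 1, {st.st_gid + 1})]  # hypothetical outsider
    results = {}
    for dir_mode in (0o700, 0o755):
        for file_mode in (0o644, 0o640):
            os.chmod(logdir, dir_mode)
            os.chmod(current, file_mode)
            results[(dir_mode, file_mode)] = tuple(
                can_read(current, logdir, u, g) for u, g in accounts)
    shutil.rmtree(base)
    return results

if __name__ == "__main__":
    for (d, f), r in demo().items():
        print(f"dir {d:o} file {f:o}: owner={r[0]} group={r[1]} other={r[2]}")
```

Each result tuple is (owner, group member, outsider); the file mode only changes the outcome once the directory itself grants search permission.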
