bneradt commented on issue #4729: URL: https://github.com/apache/trafficserver/issues/4729#issuecomment-871677761
The ATS chmod calls are actually a configurable feature. We have three separate records.config parameters for this: * [proxy.config.output.logfile_perm](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html#proxy-config-output-logfile-perm) * [proxy.config.log.logfile_perm](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html#proxy-config-log-logfile-perm) * [proxy.config.diags.logfile_perm](https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html#proxy-config-diags-logfile-perm) These each take a full Unix DAC specification (`rw-rw----`, e.g.). Between these three, you should be able to control all permission modifications on all log files written to by Traffic Server. I verified on one of our internal ATS boxes that this is the case for our set of log files. (Notice the documented comment about umask and how that limits what permissions ATS can set, however.) The permissions are changed upon the first write to a particular log file after the service comes up. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
