On Tue, Aug 17, 2010 at 05:40:34PM -0000, exar...@twistedmatrix.com wrote:
> On 11:35 am, zoran.bosn...@sloveniacontrol.si wrote:
> >I am running twisted application from /etc/init/myapp.conf by exec
> >statement like this:
> >exec /usr/bin/twistd --uid=<id> --gid=<gid> --logfile=/var/log/dir/file
> >
> >The problem is when log file is first created under /var/log/dir (dir is
> >owned by user id), the owner of the file is 'root', not requested user.
> >As a consequence, the twistd is not able to rotate log files.
> >
> >If the logfile is already created (and chowned) before running twistd,
> >there is no problem. It looks like set uid/gid is called too late inside
> >twistd. It is supposed to be called before creating a logfile.
> >
> >Is this a bug or am I missing something?
>
> If <id> or <gid> has write permission on /var/log/dir/ then rotation
> should work, even if <id> or <gid> does not own the first logfile
> created.

This is a way to screw up the system. Consider this is run by the <uid>
of the service:

    rm /var/log/dir/logfile
    ln -s /etc/shadow /var/log/dir/logfile

After the service restart the system will lose /etc/shadow.
In this case setuid() is called too late, truly.

I think the --uid option is too dangerous. sudo or su or setuidgid (from
http://cr.yp.to/daemontools.html) is more appropriate for changing uids.

It will always be hard to design an application that opens some files or
sockets and only then changes its uids/gids.

>
> Jean-Paul
>
> _______________________________________________
> Twisted-Python mailing list
> Twisted-Python@twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python

--
Alexey S.
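The symlink problem described in the reply above, shown as an added example that is not part of the original thread or of Twisted's code: a plain open() follows a symlink planted in a service-writable log directory, while an open with O_NOFOLLOW plus an fstat() check refuses it. The function names and the temp-dir files are constructed for illustration, and Linux errno behaviour (ELOOP) is assumed.

```python
import errno
import os
import stat
import tempfile


def open_log_naive(path):
    """What a privileged process effectively does when it opens the log
    before changing uid: open() follows a symlink in the final component."""
    return open(path, "a")


def open_log_nofollow(path, mode=0o640):
    """Open a log for appending, refusing symlinks and non-regular files."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, mode)  # OSError(ELOOP) if path is a symlink
    try:
        st = os.fstat(fd)
        # Also reject FIFOs/devices and files with extra hard links.
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise OSError(errno.EPERM, "log path is not a plain file", path)
    except BaseException:
        os.close(fd)
        raise
    return os.fdopen(fd, "a")


def demo():
    """Constructed scenario: 'protected' stands in for a root-owned file,
    'logfile' for the log path inside the service-writable directory."""
    with tempfile.TemporaryDirectory() as d:
        protected = os.path.join(d, "protected")
        logfile = os.path.join(d, "logfile")
        with open(protected, "w") as f:
            f.write("secret\n")
        os.symlink(protected, logfile)

        with open_log_naive(logfile) as f:
            f.write("log line\n")
        with open(protected) as f:
            naive_touched = "log line" in f.read()

        try:
            open_log_nofollow(logfile).close()
            refused = False
        except OSError as e:
            refused = e.errno == errno.ELOOP
        return naive_touched, refused
```

O_NOFOLLOW only guards the final path component; changing uid before the file is opened, as the reply recommends, removes the privileged open altogether.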