permission issues when writing to logs

[naved001]

We open the permissions of /var/log/bmi/ims.log so non-root users can also run bmi commands. But quite often, the permissions change and people are unable to run bmi commands.
@VijayalakshmiVJ

[naved001]

Hi @VijayalakshmiVJ any updates on this?

[VijayalakshmiVJ]

Hey Naved, I didn't realize I had this issue too. I seem to have missed reading this mail. I apologize! Iam uploading the other issue for review today. I have a big project submission this Sunday. I'll get cracking at this issue on Sunday after that and ensure we have a solution latest by Monday/Tuesday. I apologise again..:( Regards, VJ

…

On Fri, Apr 13, 2018, 10:55 AM Naved Ansari ***@***.***> wrote: Hi @VijayalakshmiVJ <https://github.com/VijayalakshmiVJ> any updates on this? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#163 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AgT5CFt-mBn_JO_-QISb96uqsFd4rIkEks5toLx4gaJpZM4S_Ks_> .

[mihirborkar]

I debugged the issue of file rollover as mentioned,
and found out that with in logging.handlers we were using RotatingFileHandler which by default produces a new file with default permissions 644 by using _open, thus I made changes in /usr/lib64/python2.7/logging/handlers.py to create files with open permissions :

def doRollover(self):
    """
    Do a rollover, as described in __init__().
    """

    if self.stream:
        self.stream.close()
        self.stream = None
    if self.backupCount > 0:
        for i in range(self.backupCount - 1, 0, -1):
            sfn = "%s.%d" % (self.baseFilename, i)
            dfn = "%s.%d" % (self.baseFilename, i + 1)
            if os.path.exists(sfn):
                #print "%s -> %s" % (sfn, dfn)
                if os.path.exists(dfn):
                    os.remove(dfn)
                os.rename(sfn, dfn)
        dfn = self.baseFilename + ".1"
        if os.path.exists(dfn):
            os.remove(dfn)
        os.rename(self.baseFilename, dfn)
        #print "%s -> %s" % (self.baseFilename, dfn)
    self.stream = self._open1()
**def _open1(self):
     prevumask=os.umask(0o000)
     #os.fdopen(os.open('/path/to/file', os.O_WRONLY, 0600))
     retcall=logging.handlers.RotatingFileHandler._open(self)
     os.system("chmod 777 /var/log/bmi/ims.log")
     os.umask(prevumask)
     return retcall**

I know its not the best way to go about it but it does the work.
Kindly let me know your thoughts on this.

Regards,
Mihir

[naved001]

I think the best solution is to actually separate the client and the server, and then the bmi user which runs the server will have appropriate permissions.

[apoorvemohan]

As bmi server runs as root for now, as a quick fix we can force it to set permissions to the log files upon create/rollover.