Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 496318

Summary: www-servers/nginx - init script gives message that should be programmatically checked
Product: Gentoo Linux Reporter: Doug Goldstein (RETIRED) <cardoe>
Component: Current packagesAssignee: Thomas Deutschmann <whissi>
Status: CONFIRMED ---    
Severity: normal CC: bugs, dev-zero, proxy-maint, systemd
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Doug Goldstein (RETIRED) gentoo-dev 2013-12-28 21:56:36 UTC
When you emerge nginx you get the following:

 * Messages for package www-servers/nginx-1.4.4:

 * Please make sure that the nginx user or group has at least
 * 'rx' permissions on /var/log/nginx (default on a fresh install)
 * Otherwise you end up with empty log files after a log rotate.

There's no reason we shouldn't stick:

checkpath -D -o nginx /var/log/nginx

In the init script and drop that message. Why spit ewarns when its something we can check for.

I can patch if it the maintainers agree.
Comment 1 Johan Bergström 2013-12-28 22:03:07 UTC
Sounds good to me.
Comment 2 Agostino Sarubbo gentoo-dev 2013-12-29 08:53:12 UTC
what about with systemd?
Comment 3 Doug Goldstein (RETIRED) gentoo-dev 2013-12-29 20:59:51 UTC
(In reply to Agostino Sarubbo from comment #2)
> what about with systemd?

Doesn't systemd do all of its own logging and you don't use the logrotate cronjobs with it?
Comment 4 Mike Gilbert gentoo-dev 2013-12-29 21:38:48 UTC
(In reply to Doug Goldstein from comment #3)

That depends on the application. If it logs to stdout or syslog then systemd handles it. If it manages its own external log files (as nginx appears to do), then there is nothing magical in systemd to handle that.
Comment 5 Tiziano Müller (RETIRED) gentoo-dev 2014-01-08 08:25:03 UTC
Negative. The requirements are that the nginx user can rx the dir, how that happens is up to the admin, stomping over the permissions set by the admin in a startup script is not acceptable.
Besides, the ewarn only appears if the permissions must be corrected.
Automatically correcting them in the pkg_postinst run would be acceptable, I guess.
Comment 6 Johan Bergström 2014-01-14 23:26:38 UTC
@tiziano:
Running it in pkg_postinst was my idea as well.
Comment 7 Thomas Deutschmann gentoo-dev Security 2014-03-09 13:29:00 UTC
Isn't that a duplicate of the discussion in bug 473036?
Comment 8 Thomas Deutschmann gentoo-dev Security 2016-07-20 00:56:57 UTC
OK, what's the status of this bug? Can we remove

> # If the nginx user can't change into or read the dir, display a warning.
> # If su is not available we display the warning nevertheless since we can't check properly
> su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
> if [ $? -ne 0 ] ; then
> 	ewarn "Please make sure that the nginx user or group has at least"
> 	ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
> 	ewarn "Otherwise you end up with empty log files after a logrotate."
> fi

(from https://github.com/gentoo/gentoo/blob/8dd9fab6768ab82e3c23aaf3d35800bc96b8fc86/www-servers/nginx/nginx-1.10.0.ebuild#L313-L318)

from the ebuild?

It was needed in the past to help our users because we had set invalid permission per default.

But this was fixed for more than 1.5y. Now with the 1.10 milestone we really now longer need this... any objections?