When you emerge nginx you get the following:
* Messages for package www-servers/nginx-1.4.4:
* Please make sure that the nginx user or group has at least
* 'rx' permissions on /var/log/nginx (default on a fresh install)
* Otherwise you end up with empty log files after a log rotate.
There's no reason we shouldn't stick:
checkpath -D -o nginx /var/log/nginx
In the init script and drop that message. Why spit ewarns when its something we can check for.
I can patch if it the maintainers agree.
Sounds good to me.
what about with systemd?
(In reply to Agostino Sarubbo from comment #2)
> what about with systemd?
Doesn't systemd do all of its own logging and you don't use the logrotate cronjobs with it?
(In reply to Doug Goldstein from comment #3)
That depends on the application. If it logs to stdout or syslog then systemd handles it. If it manages its own external log files (as nginx appears to do), then there is nothing magical in systemd to handle that.
Negative. The requirements are that the nginx user can rx the dir, how that happens is up to the admin, stomping over the permissions set by the admin in a startup script is not acceptable.
Besides, the ewarn only appears if the permissions must be corrected.
Automatically correcting them in the pkg_postinst run would be acceptable, I guess.
Running it in pkg_postinst was my idea as well.
Isn't that a duplicate of the discussion in bug 473036?
OK, what's the status of this bug? Can we remove
> # If the nginx user can't change into or read the dir, display a warning.
> # If su is not available we display the warning nevertheless since we can't check properly
> su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
> if [ $? -ne 0 ] ; then
> ewarn "Please make sure that the nginx user or group has at least"
> ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
> ewarn "Otherwise you end up with empty log files after a logrotate."
from the ebuild?
It was needed in the past to help our users because we had set invalid permission per default.
But this was fixed for more than 1.5y. Now with the 1.10 milestone we really now longer need this... any objections?