Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 496318 - www-servers/nginx - init script gives message that should be programmatically checked
Summary: www-servers/nginx - init script gives message that should be programmatically...
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Thomas Deutschmann
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-12-28 21:56 UTC by Doug Goldstein
Modified: 2017-03-27 09:42 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Doug Goldstein gentoo-dev 2013-12-28 21:56:36 UTC
When you emerge nginx you get the following:

 * Messages for package www-servers/nginx-1.4.4:

 * Please make sure that the nginx user or group has at least
 * 'rx' permissions on /var/log/nginx (default on a fresh install)
 * Otherwise you end up with empty log files after a log rotate.

There's no reason we shouldn't stick:

checkpath -D -o nginx /var/log/nginx

In the init script and drop that message. Why spit ewarns when its something we can check for.

I can patch if it the maintainers agree.
Comment 1 Johan Bergström 2013-12-28 22:03:07 UTC
Sounds good to me.
Comment 2 Agostino Sarubbo gentoo-dev 2013-12-29 08:53:12 UTC
what about with systemd?
Comment 3 Doug Goldstein gentoo-dev 2013-12-29 20:59:51 UTC
(In reply to Agostino Sarubbo from comment #2)
> what about with systemd?

Doesn't systemd do all of its own logging and you don't use the logrotate cronjobs with it?
Comment 4 Mike Gilbert gentoo-dev 2013-12-29 21:38:48 UTC
(In reply to Doug Goldstein from comment #3)

That depends on the application. If it logs to stdout or syslog then systemd handles it. If it manages its own external log files (as nginx appears to do), then there is nothing magical in systemd to handle that.
Comment 5 Tiziano Müller gentoo-dev 2014-01-08 08:25:03 UTC
Negative. The requirements are that the nginx user can rx the dir, how that happens is up to the admin, stomping over the permissions set by the admin in a startup script is not acceptable.
Besides, the ewarn only appears if the permissions must be corrected.
Automatically correcting them in the pkg_postinst run would be acceptable, I guess.
Comment 6 Johan Bergström 2014-01-14 23:26:38 UTC
@tiziano:
Running it in pkg_postinst was my idea as well.
Comment 7 Thomas Deutschmann gentoo-dev Security 2014-03-09 13:29:00 UTC
Isn't that a duplicate of the discussion in bug 473036?
Comment 8 Thomas Deutschmann gentoo-dev Security 2016-07-20 00:56:57 UTC
OK, what's the status of this bug? Can we remove

> # If the nginx user can't change into or read the dir, display a warning.
> # If su is not available we display the warning nevertheless since we can't check properly
> su -s /bin/sh -c 'cd /var/log/nginx/ && ls' nginx >&/dev/null
> if [ $? -ne 0 ] ; then
> 	ewarn "Please make sure that the nginx user or group has at least"
> 	ewarn "'rx' permissions on /var/log/nginx (default on a fresh install)"
> 	ewarn "Otherwise you end up with empty log files after a logrotate."
> fi

(from https://github.com/gentoo/gentoo/blob/8dd9fab6768ab82e3c23aaf3d35800bc96b8fc86/www-servers/nginx/nginx-1.10.0.ebuild#L313-L318)

from the ebuild?

It was needed in the past to help our users because we had set invalid permission per default.

But this was fixed for more than 1.5y. Now with the 1.10 milestone we really now longer need this... any objections?