[Zope-Coders] new zLOG
Casey Duncan
casey@zope.com
Tue, 26 Nov 2002 14:13:10 -0500
This probably qualifies as a "DUH" question, but why can't you just specify
the uid to the logger when it is initialized (trick question, eh?). If you
are running as root it will just do a chown on the file to the uid specified.
It's not as though root won't be able to write to the file.

Or as an even dumber solution, maybe zLOG itself should be configurable to
accept an effective user to write the log files as, regardless of the user
running Zope.

-Casey

On Tuesday 26 November 2002 11:43 am, Chris McDonough wrote:
> On Tue, 2002-11-26 at 11:15, Guido van Rossum wrote:
> > > I think it's the right thing to *not* have zdaemon perform setuid by
> > > default if started as root because you may want the child process
> > > have privileges to bind to low ports and whatnot and manage its own
> > > setuid.
> >
> > OK, then I'll leave well enough alone.
>
> One thing that may be problematic about this:
>
> - you invoke zdaemon as root without -u in order to start a child
> app that manages its own setuid. zdaemon writes a logfile using
> the path specified in STUPID_LOG_FILE (as root).
>
> - the child itself uses the STUPID_LOG_FILE envvar to decide where
> to write a logfile
>
> - the daemon has already written the logfile as root.
>
> - the child will not be able to write to the event log file after
> it performs a setuid.
>
> I think this is a genuine concern. Maybe the answer is "don't do that",
> but can you imagine a better solution? I can, but it involves not using
> a single envvar to control where the event log file for an application
> and all of its is written, which would be fairly invasive.
>
> - C
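
The chown-before-setuid idea from the message above, as an added Python example (not code from the original post, zLOG or zdaemon). The function name `prepare_log_file` and the 0640 file mode are assumptions made for illustration.

```python
import os
import stat
import tempfile


def prepare_log_file(path, uid, gid, mode=0o640):
    """Create or reuse the log file and hand it to uid:gid.

    Meant to run in the privileged parent before the child calls setuid,
    so the child can keep appending to the same file afterwards.
    """
    # O_NOFOLLOW: fail if the final path component is a symlink, so a
    # chown done as root cannot be redirected to some other file.
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, mode)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise OSError("log path is not a regular file: %r" % (path,))
        # Work on the descriptor rather than the path: the file that was
        # checked is the file that gets chowned.
        if (st.st_uid, st.st_gid) != (uid, gid):
            os.fchown(fd, uid, gid)
        os.fchmod(fd, mode)
        return os.fstat(fd)
    finally:
        os.close(fd)


if __name__ == "__main__":
    # Constructed demo: uses the current uid/gid so it runs without root.
    # A real parent would pass the uid/gid the child will switch to.
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "event.log")
        st = prepare_log_file(log, os.getuid(), os.getgid())
        print(log, st.st_uid, st.st_gid, oct(stat.S_IMODE(st.st_mode)))
```

The log directory itself should not be writable by the unprivileged user, otherwise the file can be replaced between runs.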