[Zope-Coders] new zLOG
Toby Dickenson
tdickenson@geminidataloggers.com
Wed, 27 Nov 2002 14:49:57 +0000
On Wednesday 27 November 2002 2:03 pm, Chris McDonough wrote:
> On Wed, 2002-11-27 at 06:42, Toby Dickenson wrote:
> > A syslog backend doesnt care about suid. A non-stupid log-to-file bac=
ked
> > wont care about suid. Arguably, it is more important that any events
> > before the suid are logged promptly.
> >
> > Am I missing something?
>
> What do you suggest we do, given that we cannot avoid file logging?
The fundamental problem with the stupid log is that the log file is opene=
d by=20
the same process which generates the log events. There are several soluti=
ons,=20
but all involve adding an additional process to perform the writing to fi=
le.=20
For security it is important that this new process is not running as the =
same=20
user id as the zope process.
I am not sure which option is the right default for Zope, but we could ch=
oose=20
from:
1. Zope writes log enties to stdout, and the default start script pipes t=
hat=20
into a new process which writes it to a file. If started as root, this ne=
w=20
process would need to suid itself.
for:
=09easy to explain.
=09zero admin overhead
against:=20
=09you cant have more than one log managed this way.
=09does not work securely unless zope is started as root.
2. Zope creates a pipe, then forks a new process. Zope writes log entries=
to=20
the pipe. The new process reads events from the pipe, and writes them to =
a=20
file.
for:
=09zero admin overhead
=09supports multiple log files
against:
=09does not work securely unless zope is started as root.
3. Zope sends log entries to some kind of external socket (unix, udp, and=
tcp=20
all make sense). A different process listens on that socket, and writes t=
o a=20
file. Note that Zope could fork this process itself (but this is secure o=
nly=20
when started as root), or it could be started externally.
for:
=09zero admin overhead when started as root
=09can be secure even when not started as root with a little admin overhe=
ad.
=09supports multiple log files
against:
=09possibly lower performance
=09complexity
Currently I use option 3 in Zope 2.6, in the form of syslog. (Of course o=
ption=20
3 doesnt _have_ to be syslog)