[Zope-Coders] new zLOG

Wed, 27 Nov 2002 16:08:35 +0000

On Wednesday 27 November 2002 3:34 pm, Chris McDonough wrote:

> Since file-logging is the lowest-common-denominator across platforms,
> it's likely going to be the default.

Yes, it is not possible to have the same code work across all platforms=20
without dropping the security requirement.

I had been assuming some platform-specific code is ok, provided it dumps =
the=20
log into the same filename.

>  Since it's going to be the
> default, it needs to work predictably, so ignoring the setuid problem
> doesn't seem to be an option.  Your options above

>(aside from 3, which is syslog)=20

Equivalent to syslog, but not necessarily syslog compatible. Im not sure =
if=20
thats what you meant.

> seem to be kinda complicated.=20

Yes, it is more complicated than open(LOGFILE,'w')

> Wanting to write a file-based
> log as an effective user when started as root seems like a fundamental
> problem in UNIX daemon applications.
>
> I looked at the Apache and Squid sources to see how they do it, and as
> far as I can tell they take the "log to stderr until after some point
> after minimal startup" tact.  I'm still not sure why we can't do the
> same without all the complexity you describe above.

Apache implements exactly what I described as option 2 (on unix anyway - =
there=20
is platform specific code here ;-)

Option 3 is a little more complicated, but avoids the need to start zope =
as=20
root. Guido's suggestion of a suid binary for the logger process in optio=
n 2=20
might avoid that too.

(One element of complexity in my proposal is avoided by Apache because it=
=20
writes its log files as root. Therefore it only needs one dedicated user,=
 not=20
two. Zope could do the same if you dont mind log files written as root)

> I'm not saying "you're wrong and I'm right", I maybe just need to
> understand better what is so terrible about that solution, besides your
> distaste for file-logging in general.

No, I like file logging! I use syslog, but my syslog daemon does nothing =
more=20
than write log entries to a file!

Its a PITA that syslog has to mix up all my daemons. I would love to be a=
ble=20
to use Zopes logging to a file, provided I dont have to give up any secur=
ity.