juju log files should not be world readable

Bug #1286518 reported by Kapil Thangavelu
Affects: juju-core
Status: Fix Released
Importance: Medium
Assigned to: Katherine Cox-Buday

Bug Description

Juju default logs in /var/log/juju are world readable. Charms can log sensitive information, so a better default would be 600.

Tags: logging
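
An added example, not juju-core's own code and not taken from the fix for this bug: one way a Go service can enforce a restrictive log mode, plus a check for logs that are still world readable. The function names `openLogFile` and `worldReadable` are hypothetical; the same helper covers the 640 group-readable variant raised in the comments by passing a different mode.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// openLogFile opens (or creates) a log file for appending and forces its mode.
// The mode given to os.OpenFile applies only on creation and is filtered by
// the umask, so a log that already exists as 0644 stays world readable
// unless it is explicitly chmod'ed.
func openLogFile(path string, mode os.FileMode) (*os.File, error) {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_APPEND|os.O_CREATE, mode)
	if err != nil {
		return nil, err
	}
	if err := f.Chmod(mode); err != nil {
		f.Close()
		return nil, err
	}
	return f, nil
}

// worldReadable returns the *.log files in dir whose "other" read bit is set.
func worldReadable(dir string) ([]string, error) {
	matches, err := filepath.Glob(filepath.Join(dir, "*.log"))
	if err != nil {
		return nil, err
	}
	var loose []string
	for _, p := range matches {
		info, err := os.Stat(p)
		if err != nil {
			return nil, err
		}
		if info.Mode().Perm()&0004 != 0 {
			loose = append(loose, p)
		}
	}
	return loose, nil
}

func main() {
	loose, err := worldReadable("/var/log/juju") // directory named in the bug report
	fmt.Println(loose, err)
}
```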
description: updated
Curtis Hovey (sinzui)
Changed in juju-core:
status: New → Triaged
importance: Undecided → High
tags: added: logging
Changed in juju-core:
importance: High → Medium
Changed in juju-core:
assignee: nobody → Katherine Cox-Buday (cox-katherine-e)
status: Triaged → In Progress
milestone: none → next-stable
Changed in juju-core:
status: In Progress → Fix Committed
Curtis Hovey (sinzui)
Changed in juju-core:
milestone: next-stable → 1.21-alpha1
Curtis Hovey (sinzui)
Changed in juju-core:
status: Fix Committed → Fix Released
Mario Splivalo (mariosplivalo) wrote :

Would it be possible to have local provider world-readable log files? Or at least set them to adm (or juju?) group, and have them group-readable?
Local provider is used mainly for testing charm development and it's cumbersome to type in sudo password all the time, or to have root terminal permanently open.
Or, maybe add a juju environment configuration option so that one can 'ease up' on the default (for instance, default chmod is 600, but user can change that to 640 or 644).

Matt Bruzek (mbruzek) wrote :

With this change landing now I have to use sudo to look at the log files.

As a charmer I often look at the unit-charm-name-0.log file for more details of what the charm is doing.

The log file change makes it more difficult for charm authors to look at the logs on their local system to debug the charm.

Could we do better with some ownership or group changes?

Kapil Thangavelu (hazmat) wrote : Re: [Bug 1286518] Re: juju log files should not be world readable

Once debug-log gets unbroken that might be viable as a go-to resource for log
info, else group usage might help. For local it's a bit unclear though.

On Tue, Sep 23, 2014 at 12:26 PM, Matt Bruzek <email address hidden>
wrote:

> With this change landing now I have to use sudo to look at the log
> files.
>
> As a charmer I often look at the unit-charm-name-0.log file for more
> details of what the charm is doing.
>
> The log file change makes it more difficult for charm authors to look at
> the logs on their local system to debug the charm.
>
> Could we do better with some ownership or group changes?
