cfn-push-stats shoud not log to /var/log by default (or should at least be configureable)
Bug #1372489 reported by
Lars Kellogg-Stedman
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| heat-cfntools |
Triaged
|
Medium
|
Unassigned | ||
Bug Description
Attempting to run `cfn-push-stats` as a non-root user invariably results in:
IOError: [Errno 13] Permission denied: '/var/log/
A command line tool like cfn-push-stats should probably *not* be logging into /var/log by default...this prohibits running the command from anything other than the root account. At the very least, running "cfn-push-stats --help" ought to succeed even absent write access to the log file.
cfn-push-stats should probably just log to stderr by default, and should support a --log-file option for directing that output to a file.
Revision history for this message
| Qiming Teng (tengqim) wrote | #1 |
Revision history for this message
| Lars Kellogg-Stedman (larsks) wrote | #2 |
| summary: |
- cfn-push-stats --help should not require root privileges + cfn-push-stats shoud not log to /var/log by default (or should at least + be configureable) |
| affects: | heat → heat-cfntools |
| Changed in heat-cfntools: | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
To post a comment you must log in.
Don't fully agree with this assessment. We may need to consider that a non-root may use this tool to fake metrics or even launch a DOS attack. If only a root can do this, then the logging in /var/log directory won't be a problem.
On the other hand, making the log output configurable is acceptable. But if that is the reported issue, we may need to change the subject of this report.