cfn-push-stats shoud not log to /var/log by default (or should at least be configureable)
Bug #1372489 reported by
Lars Kellogg-Stedman
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
heat-cfntools |
Triaged
|
Medium
|
Unassigned |
Bug Description
Attempting to run `cfn-push-stats` as a non-root user invariably results in:
IOError: [Errno 13] Permission denied: '/var/log/
A command line tool like cfn-push-stats should probably *not* be logging into /var/log by default...this prohibits running the command from anything other than the root account. At the very least, running "cfn-push-stats --help" ought to succeed even absent write access to the log file.
cfn-push-stats should probably just log to stderr by default, and should support a --log-file option for directing that output to a file.
affects: | heat → heat-cfntools |
Changed in heat-cfntools: | |
status: | New → Triaged |
importance: | Undecided → Medium |
To post a comment you must log in.
Don't fully agree with this assessment. We may need to consider that a non-root may use this tool to fake metrics or even launch a DOS attack. If only a root can do this, then the logging in /var/log directory won't be a problem.
On the other hand, making the log output configurable is acceptable. But if that is the reported issue, we may need to change the subject of this report.