upstart

upstart log file permissions are too paranoid

Bug #1423784 reported by Jens Elkner on 2015-02-20

This bug report is a duplicate of: Bug #1074564: Upstart logfiles should be readable by adm group. Edit Remove

This bug affects 11 people

Affects		Status	Importance	Assigned to	Milestone
	upstart	New	Undecided	Unassigned

Bug Description

The current upstart log file permissions are too paranoid 0640 and there is no documented way, how to change it (either the mode or ownership). So it is ridiculous to give user super user permissions, just for being able to read such files. So either make upstart to use mode 0644 or provide a mechanism that let an admin choose the level of paranoia.

Steve Langasek (vorlon) on 2015-02-20

information type:

Private Security → Public

Revision history for this message

harrychillboy (harrychillboy) wrote on 2015-10-14:

In most companies SysAdmins install upstart jobs but dev need to read it to find issues / errors. With this restriction either the dev need to have root permission or sysadmin need to copy the logs to other directory.

I understand the security restrictions but there should be a way to allow other system users to read the logs

Revision history for this message

Darren Spruell (phatbuckett) wrote on 2016-06-15:

Would like to add support to this - it would be nice for standard behavior to be the default (restrictive permissions to log files), but with possibility to override globally or per service (via job configuration) what the owner/group and file mode should be.

Another option could be to default to making the group owner of Upstart log files a group like 'adm' or 'operator', enabling the sysadmin to grant access via group membership.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1074564 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.