[Libwebsockets] logrotate puzzle

Jaco Kroon jaco at uls.co.za
Wed Apr 27 20:15:22 CEST 2016


Hi Andy,

On 26/04/2016 13:37, Andy Green wrote:

>> If those are not possible the combination of copy and copytruncate is
>> your best options, but not ideal. No need to perform any special actions
>> inside the application, it just needs to initially open the log files
>> for appending write.
>
> Yes that's the situation, he opens under root credentials with O_CREAT
> and O_APPEND, then switches to weaker credentials.
>
> This stuff is surprisingly tricky... I think it's better to keep root
> thoroughly dead after startup as it is now and put up with this very
> small race for a few ms every week where we might lose logs that
> happen in that window.
>
> I'll unpick my SIGHUP handler and see what happens if we just tell
> logrotate to do the truncate.
Have your HUP simply re-open the log files (O_APPEND).  Also if
possible, have your initial log open happen with reduced privileges, but
root may be required if the log file isn't pre-created.

In logrotate you can add:

create 0640 lwsd root

To have logrotate pre-create an empty log file for you which lwsd will
then end up opening (for which it will have write access now), and any
user in the root group will be able to read it.

I hope that helps.

Kind Regards,
Jaco



More information about the Libwebsockets mailing list