Add a permissions option to logging.files for all beats #4428
Conversation
|
Can one of the admins verify this patch? |
|
Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically on build-eu-00. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually? |
libbeat/docs/loggingconfig.asciidoc
Outdated
| ===== files.permissions | ||
|
|
||
| The permission mask to apply when rotating log files. The default value is 0600. The | ||
| `permissions` option must be a valid file permissions mask. |
There was a problem hiding this comment.
Can we add a link to a resource that describes what constitutes a valid file permissions mask? An example is always good, too.
There was a problem hiding this comment.
Would a link to this do? https://golang.org/pkg/os/#FileMode
Or a link to https://en.wikipedia.org/wiki/File_system_permissions#Numeric_notation ?
There was a problem hiding this comment.
Hmm...I wouldn't link to wikipedia even though it's more descriptive. Linking to the golang doc might actually confuse people.
So maybe instead of a link, you could be a bit more descriptive. Maybe say something like, "The permissions options must be a valid Unix-style file permissions mask expressed in octal notation (for example, 0754).
Or you could link to the following website, which is super useful, but I hesitate to point to it as a resource because I don't know who maintains it or how long it will be around: https://www.filepermissions.com/
There was a problem hiding this comment.
You got it. I have amended my commit according to your comments. Any further feedback is very welcome! Thanks!
atoulme
force-pushed
the
issue_4295
branch
4 times, most recently
from
e96d54e
to
726b983
Compare
|
Current status:
|
|
@atoulme Thanks for the PR! There's now a failure on Travis that looks related to this change: https://travis-ci.org/elastic/beats/jobs/238535618#L423 |
| @@ -27,6 +27,7 @@ logging.files: | |||
| path: /var/log/mybeat | |||
| name: mybeat.log | |||
| keepfiles: 7 | |||
| permissions: 0644 | |||
There was a problem hiding this comment.
I worry slightly about how YAML interprets this number, is it sure to be octal?
There was a problem hiding this comment.
From the point of view of go, it's supposed to be a uint32. So it should be ok?
https://golang.org/pkg/os/#FileMode
Note I added validation to make sure the number is less than 7777, but now I realize we could do better.
There was a problem hiding this comment.
The users will be required to start the value with a leading 0 in order for it to be interpreted as octal in YAML.
There was a problem hiding this comment.
@andrewkroh I have added some information in the doc to that effect.
libbeat/logp/file_rotator.go
Outdated
| @@ -56,6 +57,10 @@ func (rotator *FileRotator) CheckIfConfigSane() error { | |||
| if *rotator.KeepFiles < 2 || *rotator.KeepFiles >= RotatorMaxFiles { | |||
| return fmt.Errorf("The number of files to keep should be between 2 and %d", RotatorMaxFiles-1) | |||
| } | |||
|
|
|||
| if rotator.Permissions != nil && (*rotator.Permissions > 7777) { | |||
There was a problem hiding this comment.
I think 7777 should be os.ModePerm instead. Only the permission bits should be settable in the mode.
| @@ -27,6 +27,7 @@ logging.files: | |||
| path: /var/log/mybeat | |||
| name: mybeat.log | |||
| keepfiles: 7 | |||
| permissions: 0644 | |||
There was a problem hiding this comment.
The users will be required to start the value with a leading 0 in order for it to be interpreted as octal in YAML.
libbeat/logp/file_rotator.go
Outdated
| @@ -56,6 +57,10 @@ func (rotator *FileRotator) CheckIfConfigSane() error { | |||
| if *rotator.KeepFiles < 2 || *rotator.KeepFiles >= RotatorMaxFiles { | |||
| return fmt.Errorf("The number of files to keep should be between 2 and %d", RotatorMaxFiles-1) | |||
| } | |||
|
|
|||
| if rotator.Permissions != nil && (*rotator.Permissions > 7777) { | |||
| return fmt.Errorf("The permissions mask %d is invalid", *rotator.Permissions) | |||
There was a problem hiding this comment.
Error strings should not be capitalized. https://github.com/golang/go/wiki/CodeReviewComments#error-strings
There was a problem hiding this comment.
WDYT about providing a hint here about starting the configured value with a leading 0?
atoulme
force-pushed
the
issue_4295
branch
4 times, most recently
from
032c54f
to
eb29a28
Compare
libbeat/logp/file_rotator.go
Outdated
| return fmt.Errorf("the number of files to keep should be between 2 and %d", RotatorMaxFiles-1) | ||
| } | ||
|
|
||
| if rotator.Permissions != nil && (*rotator.Permissions > 07777) { |
There was a problem hiding this comment.
Can you replace the 07777 with the constant os.ModePerm (which is 0777). That should be the max value because users should be setting mode type.
|
jenkins, test it |
(cherry picked from commit fecbdf4)
This is a submission for a fix to issue #4295.