httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: symlinks and logfiles
Date Sun, 05 Jan 1997 08:13:06 GMT
Ewww! :)  It sucks to "lose" your logfile if there's a system failure
between the mv to logs/foo and the mv back.  What if you just hardlink
into logs/foo.  Of course then you run into the problem that on some
systems a hardlink of a symlink gets the destination of the link, and on
others it gets the symlink itself.

Another option, equally pointless considering we've agreed people won't
read the docs, is to have a wwwlog user who has write perms in the log
directory.  Then become that user to open the logs, and return to root
before becoming the www user.

Could the same thing be done by becoming www but group wwwlogs, then
removing that group before forking the children?

Dean

On Sun, 5 Jan 1997, Marc Slemko wrote:

> I think the following should be a safe way of opening logfiles.  Since
> we have no way to do a check and open atomically, we need to make sure
> that no one else can play with the file between the check and open.
> This can be accomplished by creating a mode 600 directory and
> temporarily moving the logfile into there.
> 
> In mixed-pseudocode:
> 	if (mkdir("logs/foo")) whine;
> 	chmod logs/foo 600
> 	-f logs/logfile && mv logs/logfile logs/foo/logfile
> 	# check logs/foo/logfile to see if it is a link, etc.
> 	fd = open("logs/foo/logfile", ...)
> 	mv logs/foo/logfile logs/logfile
> 	rmdir("logs/foo");
> 
> Now the only race condition (I think) is if someone tries reading the
> logfile before it is moved back, it will fail but that shouldn't be a
> huge deal.  
> 
> It is ugly though and I'm not sure it is worth implementing.
> 
> 


Mime
View raw message