#1181 LOG: ownership of directories and files should be configurable

4.6.FC
fixed
Tai Dinh
None
enhancement
log
d
major
2015-03-09
2014-10-20
Hans Feldt
No

Today LOG creates files and directories whose ownership will be that of the primary group. LOG should support an additional group that should be used for created directories/files. This additional group needs to be a supplementary group for the log server process. An environment variable is enough for configuration. There is no need to change this group at runtime.

Related

Tickets: #1181

Discussion

  • elunlen

    elunlen - 2014-10-20

    The log service has a configuration object which replaces usage of environment variables.
    Ref: #2463: LOG: introduce IMM configuration object for LOG service itself
    This ticket number is from the old "http://devel.opensaf.org/" ticket system and was introduced two years ago.
    I therefore think it is better to add a configuration attribute in the configuration object. Runtime changes should be rejected.

     
  • Mathi Naickan

    Mathi Naickan - 2014-10-21

    Hans,
    Could you describe the use case for this please?

    Mathi.

     
  • Tai Dinh

    Tai Dinh - 2014-10-31

    UC:
    - Log server runs as non root user/group (opensaf/opensaf) and its created log files are not world readable for security reasons.
    - Log also provides application log streams for applications.
    - As an application user, I want to read the application log and also syslog, alarm log, ...

    So, we should have a shared group for this purpose. Users who want to read log files should become members of this group.

     
  • Tai Dinh

    Tai Dinh - 2014-10-31
    • status: unassigned --> accepted
    • assigned_to: Tai Dinh
    • Part: - --> d
     
  • Tai Dinh

    Tai Dinh - 2015-01-20
    • status: accepted --> review
     
  • Tai Dinh

    Tai Dinh - 2015-02-04

    Hi Lennart,

    Please see my comment inline.

    BR,
    Tai Dinh

    From: Lennart Lund [mailto:lennart.lund@ericsson.com]
    Sent: Friday, January 30, 2015 3:51 PM
    To: Tai Dinh C
    Cc: Tai Dinh C
    Subject: RE: [PATCH 0 of 1] Review Request for LOG: ownership of directories and files should be configurable [#1181]

    Hi Tai,

    Sorry for a late answer but I’m quite busy with another project and I don’t have so much time for testing right now.

    Does the patch that was attached to your latest mail contain any changes compared to the previous patch?
    [Tai] The previous patch is kept unchanged. I retested it with UML and saw no crashes. The only problem is that the log files could not be owned by this new group.
    The reason for this is something strange with UML. Mathi is helping to confirm it now.
    So the attached patch only helps to bypass this problem.

    In general the Log service (or any service) must be “immune” (no crash allowed) to any external changes that may happen e.g.

    • If log files are no longer accessible (permissions for root directory, sub directory, file permissions etc. have been changed outside of log service control)
      If log records cannot be written, a corresponding error code shall be given in the callback
    • If changing log root directory, also if setting of group name, group id, permissions etc. is incorrect
      If settings are incorrect, changing of the root directory shall not be allowed

    [Tai] Currently, only errors are logged into the syslog and LOG still keeps working as before.
    If users try to change the root directory and group name at the same time and either of them does not pass the verification, then the whole CCB will be aborted.
    Do those look OK to you?

    Other:
    - Other possible external changes and IMM configurations that may be attempted to change must be handled.
    [Tai] IMM changes will be handled by callback and configuration file changes will be handled at restart if IMM is not configured
    - Relevant and understandable TRACE and LOG prints shall be generated
    [Tai] I put some already.
    - Tests that can be run in UML environment should be created. If for some reason (e.g. manual steps are needed) tests are not suitable to be put in the automatic regression test suite a separate test program can be written.
    [Tai] Will look into this now.
    - The README file shall be updated with information not only about the new configuration attribute but also with some description of the new feature. The text in the README file will also be used when the programmer's reference document is updated
    [Tai] I put some already.
    - If new tests are created that need some explanation, this information can be written in a README file in the test directory as well. No such README file exists today but it is ok to add one. Another possibility is to have a help <-h> option in the test program.
    [Tai] Will look into this now.

    It would be a great help if you could write tests, do some more testing and make sure that it is not possible to crash the Log service.
    [Tai] OK.

    Thanks
    Lennart

     

  • Tai Dinh

    Tai Dinh - 2015-02-04

    Agree.
    Then I'll set the ticket back to accepted and resend for review when the TCs are updated.

    BR,
    Tai Dinh

    -----Original Message-----
    From: Mathivanan Naickan Palanivelu [mailto:mathi.naickan@oracle.com]
    Sent: Wednesday, February 04, 2015 2:24 PM
    To: tai.dinh@dektech.com.au
    Cc: lennart.lund@ericsson.com
    Subject: Re: [PATCH 0 of 1] Review Request for LOG: ownership of directories and files should be configurable [#1181]

    Hi Tai,

    On top of the logging corrections,
    we could put an explicit check that does not treat ENOENT as an error for setgrent().

    Thanks,
    Mathi.

     

  • Tai Dinh

    Tai Dinh - 2015-02-04
    • status: review --> accepted
     
  • Tai Dinh

    Tai Dinh - 2015-02-04

    Adding TCs for this feature.

     
  • Tai Dinh

    Tai Dinh - 2015-02-13
    • status: accepted --> review
     
  • Mathi Naickan

    Mathi Naickan - 2015-03-09

    changeset: 6315:3fe9ca55d47f
    parent: 6313:5f3d5c0198cf
    user: tai.dinh@dektech.com.au
    date: Mon Mar 09 15:09:28 2015 +0530
    summary: osaf: ignore ENOENT for setgrent() for supporting UML [#1181]

    changeset: 6316:580dbfff2bda
    user: tai.dinh@dektech.com.au
    date: Mon Mar 09 15:12:20 2015 +0530
    summary: log: configurable ownership of log directories and files [#1181]

    changeset: 6317:0ef479e4b888
    tag: tip
    user: tai.dinh@dektech.com.au
    date: Mon Mar 09 15:13:40 2015 +0530
    summary: tests: update log tests [#1181]

     

  • Mathi Naickan

    Mathi Naickan - 2015-03-09
    • status: review --> fixed
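
The shared-group use case discussed in this ticket, sketched in C as an added example (it is not the OpenSAF patch or any code from the project): a non-root process resolves a configured group name, refuses it unless the process is actually a member, and creates a log file that is group-readable but not world-readable. The function names, the `DEMO_LOG_GROUP` variable and the `demo.log` path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <grp.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if gid is the effective group or one of the supplementary groups. */
int gid_is_usable(gid_t gid) {
    if (gid == getegid()) return 1;
    int n = getgroups(0, NULL);
    gid_t *list = n > 0 ? malloc((size_t)n * sizeof *list) : NULL;
    if (!list) return 0;
    int found = 0;
    n = getgroups(n, list);
    for (int i = 0; i < n; i++) found |= (list[i] == gid);
    free(list);
    return found;
}

/* Resolve the configured name; fail closed on unknown or non-member groups. */
int resolve_log_group(const char *name, gid_t *out) {
    struct group grp, *res = NULL;
    char buf[4096];
    if (getgrnam_r(name, &grp, buf, sizeof buf, &res) != 0 || res == NULL)
        return -1;
    if (!gid_is_usable(grp.gr_gid)) return -1;
    *out = grp.gr_gid;
    return 0;
}

/* Create a new log file, mode 0640, group-owned by gid. Returns fd or -1. */
int create_group_log(const char *path, gid_t gid) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0640);
    if (fd < 0) return -1;
    /* uid -1 keeps the owner; fchmod sets the mode regardless of umask. */
    if (fchown(fd, (uid_t)-1, gid) != 0 || fchmod(fd, 0640) != 0) {
        close(fd); unlink(path);
        return -1;
    }
    return fd;
}

int main(void) {
    const char *name = getenv("DEMO_LOG_GROUP"); /* hypothetical variable */
    gid_t gid;
    if (!name || resolve_log_group(name, &gid) != 0) return 1;
    return create_group_log("demo.log", gid) < 0;
}
```

Every failure path returns an error code to the caller rather than aborting, in line with the review request that incorrect group settings must not be able to crash the service.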
     
