[Zope-Coders] new zLOG
Guido van Rossum
guido@python.org
Tue, 26 Nov 2002 11:49:50 -0500
> One thing that may be problematic about this:
>
> - you invoke zdaemon as root without -u in order to start a child
> app that manages its own setuid. zdaemon writes a logfile using
> the path specified in STUPID_LOG_FILE (as root).
>
> - the child itself uses the STUPID_LOG_FILE envvar to decide where
> to write a logfile
>
> - the daemon has already written the logfile as root.
>
> - the child will not be able to write to the event log file after
> it performs a setuid.
>
> I think this is a genuine concern. Maybe the answer is "dont do that",
> but can you imagine a better solution? I can, but it involves not using
> a single envvar to control where the event log file for an application
> and all of its is written, which would be fairly invasive.
I thought that the log configuration was going to be under ZConfig
control? For a prototype of how it might work, see load_logconf() in
ZEO/runsvr.py in the CVS trunk. Then zdaemon and ZEO can each have
their own log file (as they should, IMO).
BTW, ZEO/runsvr.py currently doesn't do any uid management, and
consequently won't let you use a port number under 1024, unless you
run the entire process as root. Because running as root is a bad
idea, this mean you can't use ports under 1024. Is this okay? The
same holds for ZEO/start.py, so I don't think there would be a
problem, but one never knows.
--Guido van Rossum (home page: http://www.python.org/~guido/)