On Dec 6, 6:35 pm, evenrik <even...@gmail.comwrote:
An a redhat box I have root, apache and other normal users run code
that uses theloggingmodule to write to the same log file. Since
umasks are set to 2 or 022 this gets permission errors.
I have fixed my issue by patching theloggingcode everywhere there is
an open for write with:
try:
old_umask = os.umask(0)
# open for write here
finally:
os.umask(old_umask)
Is there a better way to solve this issue?
Are there any security problems with this solution other than the log
file not being protected?
Multiple processes writing to the same log file may step on each
other's toes: logging contains thread synchronisation code but no
protection against multiple processes accessing the same resource. The
best solution would be to log from all processes to a SocketHandler,
and then have a socket receiver process write the logs to file. This
effectively serialises access to the log file. An example is given in
the logging docs, see
http://docs.python.org/lib/network-logging.html
Of course, you can have the receiver process run under a uid of your
choosing which has the appropriate permissions to write to the log
file.
Regards,
Vinay Sajip