Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

File permissions can't have full accesss #4810

Open
The-LittleTeapot opened this issue Jan 30, 2025 · 3 comments
Open

File permissions can't have full accesss #4810

The-LittleTeapot opened this issue Jan 30, 2025 · 3 comments
Labels
enhancement Feature request or improve operations help wanted We need your help!

Comments

@The-LittleTeapot
Copy link

Describe the bug

Unable to set

file_permission 777

Files are created as 755 due to umask.

To Reproduce

add to config:

file_permission 777

Expected behavior

files should be created with full permissions

Your Environment

- Fluentd version: v1.16.6-debian-1.0
- Operating system:GNU/Linux
- Kernel version:3.10.0-1160.76.1.el7.x86_64

Your Configuration

<system>
  file_permission 777
</system>

<source>
  @type forward
  port 24224
  bind 0.0.0.0
</source>

<match **>
  @type copy
  
  <store>
  @type file
    path /app/log/webui-testing/webui-debug-log3
    append true
    format out_file
    <buffer>
      path /app/buffer/webui/webui-debug-buffer
      flush_interval 5s
      flush_mode interval
      chunk_limit_size 512m
      total_limit_size 1g
      overflow_action block
      @type file
    </buffer>
  </store>
</match>

Your Error Log

NO error message,

Files are created with r-x permissions (755) due to the default umask.

Additional context

If changing the permissions is not possible how can we change the default umask?
@daipom
Copy link
Contributor

daipom commented Feb 3, 2025

Fluentd has --umask command line option.

However, we cannot set this in system_config.
We should add this setting to system_config.

@daipom
Copy link
Contributor

daipom commented Feb 3, 2025
edited
Loading

For docker images, we can change this in ENTRYPOINT.

https://github.com/fluent/fluentd-docker-image/blob/89d5c78641633b5ea8acff6958f484ef75c45160/v1.18/debian/Dockerfile#L64

Example:

ENTRYPOINT ["tini",  "--", "/bin/entrypoint.sh", "--umask", "0000"]

@daipom daipom closed this as completed Feb 3, 2025
@daipom daipom mentioned this issue Feb 3, 2025
Open
egemenkus added a commit to egemenkus/fluentd that referenced this issue Feb 9, 2025
@egemenkus
Added umask support to system configuration
49ddfbe 
- Implemented 'umask' option in system config to address fluent#4810.
- Users can now define 'umask' in Fluentd configuration instead of CLI args.
- Improves usability for services and container images by removing reliance on '--umask' argument.
egemenkus added a commit to egemenkus/fluentd that referenced this issue Feb 9, 2025
@egemenkus
Added umask support to system configuration
68edd0d 
- Implemented 'umask' option in system config to address fluent#4810.
- Users can now define 'umask' in Fluentd configuration instead of CLI args.
- Improves usability for services and container images by removing reliance on '--umask' argument.

Signed-off-by: kushynoda <egemen.utku3@gmail.com>
@daipom daipom reopened this Feb 21, 2025
@daipom daipom moved this from Done to To-Do in Fluentd Kanban Feb 21, 2025
@daipom daipom added the enhancement Feature request or improve operations label Feb 21, 2025
@daipom
Copy link
Contributor

daipom commented Feb 21, 2025

Sorry. There are some limitations for --umask.
It would not work for Fluentd Docker images.

  • Fluetnd v1.14.6 ~ v1.18.0: --umask works only when using --no-supervisor.
  • However, even if that PR is merged, it would not work for Fluentd Docker images.
    • In ServerEngine, it appears that the umask value is applied only when using daemonize.
    • So, it would work for fluent-package, but not for Docker images.

I wonder why ServerEngine has such specifications.
Is there any reason why an application should not change umask if it does not run as a daemon?
If there is no particular reason, then we could fix ServerEngine to solve this issue.

Or is it possible to change umask on the container environment?

@daipom daipom added the help wanted We need your help! label Feb 21, 2025
@daipom daipom mentioned this issue Feb 21, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Feature request or improve operations help wanted We need your help!
Projects
Fluentd Kanban
Status: To-Do
Milestone
No milestone
Development

No branches or pull requests
2 participants
@daipom @The-LittleTeapot