Set permissions and ownership of parent directories of ".pos" files #4822

lifecrisis opened this issue Feb 5, 2025 · 2 comments
Labels
waiting-for-user Similar to "moreinfo", but especially need feedback from user

Is your feature request related to a problem? Please describe.

Greetings:

I am investigating how directories are created when using the tail input plugin. It would be super helpful if I could get some guidance on how this works since I'm having trouble getting clarity from the docs.

Relevant documentation can be found here.

The documentation gives an example at the top, which I will modify and reproduce here to describe my problem...

<source>
  @type tail
  path /var/log/httpd-access.log

  # NOTE: Here I have inserted the additional /httpd/ directory.
  pos_file /var/log/td-agent/httpd/httpd-access.log.pos

  tag apache.access
  <parse>
    @type apache2
  </parse>
</source>

My problem is as follows: When td-agent starts up, it will create the /var/log/td-agent/httpd/ directory as needed to hold the .pos file under it. I find that I am unable to use the configuration files to specify the ownership and mode for this new directory. I have verified that the td-agent user on my machine can set the ownership and mode of this directory, but I can't do it automatically in the config files.

For example, when the directory holding the .pos file is created, the mode is 00755 when I would like it to be 00770. I would also like it to have a specific user and group ownership.

I am not sure if this would be a new feature, or if I'm just missing how to make this small change from reading the existing docs. If I am missing something, I apologize!

Many thanks in advance, please let me know if more information is needed and I will try to provide it.

Best,
lifecrisis

Describe the solution you'd like

I would like to be able to set custom ownership and permissions on directories created to hold .pos files.

Describe alternatives you've considered

I tried setting the permissions external to the td-agent process, but this is cumbersome with many servers. It is best to specify the permissions in the config files so that I can rely on td-agent to set itself up properly. :)

Additional context

No response

egemenkus added a commit to egemenkus/fluentd that referenced this issue Feb 9, 2025
This commit adds new configuration options for the tail input plugin
to control the pos_file directory permissions and ownership:

- Add pos_dir_perm parameter for directory permissions
- Add pos_dir_owner parameter for directory owner
- Add pos_dir_group parameter for directory group
- Use Etc.getpwnam and Etc.getgrnam for proper user/group resolution

Example config:
<source>
  @type tail
  pos_file /var/log/td-agent/httpd/file.pos
  pos_dir_perm 0770
  pos_dir_owner 'root'
  pos_dir_group 'wheel'
</source>

Closes fluent#4822

Signed-off-by: kushynoda <egemen.utku3@gmail.com>

kenhys commented Feb 10, 2025

@Watson1978 Watson1978 added waiting-for-user Similar to "moreinfo", but especially need feedback from user and removed waiting-for-triage labels Feb 10, 2025
@egemenkus

https://docs.fluentd.org/deployment/command-line-option Fluentd's --umask command line option might help with what you want.

https://docs.fluentd.org/deployment/system-config#dir_permission https://docs.fluentd.org/deployment/system-config#file_permission

I recently submitted a PR to add explicit permission control for pos_file directories in Fluentd. However, since there is already a pending umask PR, I’m wondering if this feature is still necessary.

Does the umask option fully cover the need for setting pos_file directory permissions, or would having a dedicated configuration for this still be valuable?
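
Added example, not part of the original thread and not Fluentd's code: a plain-Ruby demonstration of how the process umask interacts with the mode requested at directory creation. A umask can only clear bits from the requested mode, so a directory requested as 0755 (the mode reported in the issue) cannot come out as 0770 through the umask alone. The helper names `mode_after_mkdir`, `ensure_pos_dir` and `demo` are hypothetical, and the 0755 request is an assumption taken from the result observed in the issue.

```ruby
require 'fileutils'
require 'tmpdir'

# Create `dir` with the `requested` mode while the process umask is `umask`,
# and return the permission bits the directory actually ends up with.
def mode_after_mkdir(dir, requested, umask)
  old = File.umask(umask)
  Dir.mkdir(dir, requested)
  File.stat(dir).mode & 0o777
ensure
  File.umask(old) if old
end

# Create the parent directory of a pos file, then force its mode with chmod.
# chmod is not filtered by the umask, but there is a short window between
# creation and chmod in which the directory carries the umask-derived mode.
def ensure_pos_dir(pos_file, mode)
  dir = File.dirname(pos_file)
  FileUtils.mkdir_p(dir)
  File.chmod(mode, dir)
  File.stat(dir).mode & 0o777
end

# Run the four cases inside a throwaway temp directory (constructed paths).
def demo
  Dir.mktmpdir do |root|
    {
      # 0755 requested, common default umask: stays 0755
      default_umask: mode_after_mkdir(File.join(root, 'a'), 0o755, 0o022),
      # 0755 requested, umask 007: "other" bits cleared, group write NOT added
      strict_umask: mode_after_mkdir(File.join(root, 'b'), 0o755, 0o007),
      # 0777 requested, umask 007: yields the 0770 asked for in the issue
      wide_request: mode_after_mkdir(File.join(root, 'c'), 0o777, 0o007),
      # explicit chmod after creation: 0770 regardless of the umask
      explicit_chmod: ensure_pos_dir(File.join(root, 'httpd', 'x.pos'), 0o770)
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, mode| puts format('%-15s %04o', name, mode) }
end
```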
