world-writable log files

I'm curious if there is some reason why the rails command creates the log files as world-writable. This doesn't seem very security conscious.

I know I can have capistrano or puppet change the file mode on those, but that's an extra step... and one that most people probably don't do.

So, what say ye? Was this intentional?

thanks,

Ben

Considering that various other parts of Rails recommend 0666 perms on log files, I'd say it was definitely deliberate. Ill-advised, definitely, but deliberate.

- Matt

Matt Palmer wrote:

My guess would be to support FCGI processes that are running the same use as Apache which would usually be a different user and group from the user uploading and deploying the application files.

Solved on all my servers with:

chgrp -R www-data log tmp chmod -R g+w log tmp

- Matt

Matt Palmer wrote:

Considering that various other parts of Rails recommend 0666 perms on

log

files, I'd say it was definitely deliberate. Ill-advised, definitely,

but deliberate. Hmm, but why would rails ever recommend something that is ill-advised? :smiley:

My guess would be to support FCGI processes that are running the same use as Apache which would usually be a different user and group from the user uploading and deploying the application files.

Solved on all my servers with:

chgrp -R www-data log tmp chmod -R g+w log tmp

- Matt

Actually, after digging into this a bit more, it's not really Rails' fault. The rails command does create a production.log, but most people don't actually check that in to their repository or deploy it. Rather, the Ruby Logger class creates the file on the fly when the app is started. This is creating the file as 0666.

I would still like to figure out some way to configure Logger to do 0660 rather than have to rely on chmod-ing after the fact. But, that's clearly something I should take up with the Ruby folks.

thanks for you answers...

Ben

Your issue is solved, but nevertheless I would like to chime in. AFAIK Rails consciously avoids being paranoid about most of the permissions (also having a user in the db that can modify tables). In the long run being too paranoid causes more grief than convenience. If you need stuff to be locked tight modify your deployment scripts accordingly :slight_smile:

Or you can indeed make your own Logger (which seems the easiest to me).