logging.py: mutiple system users writing to same file gettingpermission errors.

**Vinay Sajip** · Dec 7 '07, 08:55 PM

Re: logging.py: mutiple system users writing to same file gettingpermissi on errors.

On Dec 6, 6:35 pm, evenrik <even...@gmail. comwrote:

An a redhat box I have root, apache and other normal users run code
that uses theloggingmodul e to write to the same log file. Since
umasks are set to 2 or 022 this gets permission errors.
>
I have fixed my issue by patching theloggingcode everywhere there is
an open for write with:
try:
old_umask = os.umask(0)
# open for write here
finally:
os.umask(old_um ask)
>
Is there a better way to solve this issue?
Are there any security problems with this solution other than the log
file not being protected?

Multiple processes writing to the same log file may step on each
other's toes: logging contains thread synchronisation code but no
protection against multiple processes accessing the same resource. The
best solution would be to log from all processes to a SocketHandler,
and then have a socket receiver process write the logs to file. This
effectively serialises access to the log file. An example is given in
the logging docs, see

404 Not Found

http://docs.python.org/lib/network-logging.html

Of course, you can have the receiver process run under a uid of your
choosing which has the appropriate permissions to write to the log
file.

Regards,

Vinay Sajip

**evenrik** · Dec 10 '07, 08:35 PM

Re: logging.py: mutiple system users writing to same file gettingpermissi on errors.

On Dec 7, 12:46 pm, Vinay Sajip <vinay_sa...@ya hoo.co.ukwrote:

On Dec 6, 6:35 pm, evenrik <even...@gmail. comwrote:
>

An a redhat box I have root, apache and other normal users run code
that uses theloggingmodul e to write to the same log file. Since
umasks are set to 2 or 022 this gets permission errors.

>

I have fixed my issue by patching theloggingcode everywhere there is
an open for write with:
try:
old_umask = os.umask(0)
# open for write here
finally:
os.umask(old_um ask)

>

Is there a better way to solve this issue?
Are there any security problems with this solution other than the log
file not being protected?

>
Multiple processes writing to the same log file may step on each
other's toes: logging contains thread synchronisation code but no
protection against multiple processes accessing the same resource. The
best solution would be to log from all processes to a SocketHandler,
and then have a socket receiver process write the logs to file. This
effectively serialises access to the log file. An example is given in
the logging docs, see
>

404 Not Found

http://docs.python.org/lib/network-logging.html

>
Of course, you can have the receiver process run under a uid of your
choosing which has the appropriate permissions to write to the log
file.
>
Regards,
>
Vinay Sajip

Thank you for the warning about multiple processes. We decided to try
creating a DBHandler to write the logs to PostgeSQL.

**Vinay Sajip** · Dec 11 '07, 12:45 PM

Re: logging.py: mutiple system users writing to same file gettingpermissi on errors.

On Dec 10, 8:34 pm, evenrik <even...@gmail. comwrote:

On Dec 7, 12:46 pm, Vinay Sajip <vinay_sa...@ya hoo.co.ukwrote:
>
>
>

On Dec 6, 6:35 pm, evenrik <even...@gmail. comwrote:

>

An a redhat box I have root, apache and other normal users run code
that uses theloggingmodul e to write to the same log file. Since
umasks are set to 2 or 022 this gets permission errors.

>

I have fixed my issue by patching theloggingcode everywhere there is
an open for write with:
try:
old_umask = os.umask(0)
# open for write here
finally:
os.umask(old_um ask)

>

Is there a better way to solve this issue?
Are there any security problems with this solution other than the log
file not being protected?

>

Multiple processes writing to the same log file may step on each
other's toes:loggingcon tains thread synchronisation code but no
protection against multiple processes accessing the same resource. The
best solution would be to log from all processes to a SocketHandler,
and then have a socket receiver process write the logs to file. This
effectively serialises access to the log file. An example is given in
theloggingdocs, see

>

http://docs.python.org/lib/network-logging.html

>

Of course, you can have the receiver process run under a uid of your
choosing which has the appropriate permissions to write to the log
file.

>

Regards,

>

Vinay Sajip

>
Thank you for the warning about multiple processes. We decided to try
creating a DBHandler to write the logs to PostgeSQL.

Okay. In case you're interested - the original distribution of the
logging package (before it became part of Python) is at
http://www.red-dove.com/python_logging.html and some of the test
scripts, which are in the tarball available from that page, contain an
example database handler (in test script log_test14.py).

Best regards,

Vinay Sajip

logging.py: mutiple system users writing to same file gettingpermission errors.

logging.py: mutiple system users writing to same file gettingpermission errors.

Comment

Comment

Comment