[Twisted-Python] twistd --uid and --logfile

twisted-web at udmvt.ru twisted-web at udmvt.ru
Wed Aug 18 05:11:55 EDT 2010


On Tue, Aug 17, 2010 at 01:35:41PM +0200, Zoran Bosnjak wrote:
> I am running a Twisted application from /etc/init/myapp.conf by an exec
> statement like this:
> exec /usr/bin/twistd --uid=<id> --gid=<gid> --logfile=/var/log/dir/file
> 
> The problem is that when the log file is first created under /var/log/dir
> (dir is owned by the user id), the owner of the file is 'root', not the
> requested user. As a consequence, twistd is not able to rotate log files.
> 
> If the logfile is already created (and chowned) before running twistd,
> there is no problem. It looks like set uid/gid is called too late inside
> twistd. It is supposed to be called before creating a logfile.
> 
> Is this a bug or am I missing something?
It is always safer to use external tools to change uids and gids where possible.
It is also always safer to have logfiles always present in their place and with
correct ownership (or refuse to run entirely).

Having log files created by the superuser is not secure, especially when
the log directory is user-writable. That is a security vulnerability.

> 
> Zoran
> 
> 

-- 
Alexey S.
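
The advice in the reply above (log file already in place with correct ownership, or refuse to run), as an added example that is not part of the original message or of Twisted: a check meant to run before `twistd` is started. The function name `logfile_problems` and the script's command-line arguments are hypothetical.

```python
import os
import stat
import sys


def logfile_problems(path, uid, gid):
    """Return reasons the service must not start; an empty list means OK."""
    try:
        # lstat() inspects the path itself and never follows a symlink that
        # the unprivileged owner of the log directory could have planted.
        st = os.lstat(path)
    except FileNotFoundError:
        return ["%s is missing: create and chown it before starting" % path]
    if stat.S_ISLNK(st.st_mode):
        return ["%s is a symlink" % path]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("%s is not a regular file" % path)
    if st.st_nlink > 1:
        problems.append("%s has extra hard links" % path)
    if (st.st_uid, st.st_gid) != (uid, gid):
        problems.append("%s is owned by %d:%d, expected %d:%d"
                        % (path, st.st_uid, st.st_gid, uid, gid))
    if st.st_mode & stat.S_IWOTH:
        problems.append("%s is world-writable" % path)
    return problems


if __name__ == "__main__":
    # Hypothetical usage: check_logfile.py /var/log/dir/file <uid> <gid>
    if len(sys.argv) != 4:
        sys.exit("usage: %s LOGFILE UID GID" % sys.argv[0])
    found = logfile_problems(sys.argv[1], int(sys.argv[2]), int(sys.argv[3]))
    for line in found:
        print("refusing to start twistd: " + line, file=sys.stderr)
    sys.exit(1 if found else 0)
```

A non-zero exit status lets the init job stop before it reaches the `exec /usr/bin/twistd ...` line.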


