Opened 8 years ago

Closed 8 years ago

#1176 closed defect (fixed)

nginx changes ownership of /var/log/nginx/error.log even if error_log is configured to syslog

Reported by: selivan@… Owned by:
Priority: minor Milestone:
Component: documentation Version: 1.11.x
Keywords: Cc:
uname -a: Linux web4 3.13.0-106-generic #153-Ubuntu SMP Tue Dec 6 15:44:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.11.7
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-threads --with-http_gunzip_module --with-http_gzip_static_module --with-http_geoip_module --add-module=/home/user/NGINX/nginx-1.11.7/debian/modules/nginx-echo --add-module=/home/user/NGINX/nginx-1.11.7/debian/modules/naxsi/naxsi_src

Description

nginx.conf:

...
user www-data;
error_log syslog:server=unix:/dev/log,nohostname,facility=local7,tag=nginx_error_log,severity=info;
...

After receiving SIGUSR1 nginx changes ownership of /var/log/nginx/error.log from syslog to www-data, breaking syslog ability to write to this file.

I think this behavior is unexpected. It should be changed(do not touch files not mentioned in config) or at least documented here: http://nginx.org/en/docs/control.html in section "Rotating Log-files".

Attachments (1)

docs.patch (4.5 KB ) - added by selivan@… 8 years ago.

Download all attachments as: .zip

Change History (9)

comment:1 by Maxim Dounin, 8 years ago

Component: nginx-coredocumentation

As you can see from the nginx -V output, /var/log/nginx/error.log is the default error_log file. It is still used in your case as there are no error logs configured with logging to a file (only a syslog one), and nginx creates it / changes ownership as appropriate.

It probably worth documenting that specified default error log is always used at global level if there are no other file-based logs configured.

in reply to:  1 comment:2 by selivan@…, 8 years ago

Replying to mdounin:

It probably worth documenting that specified default error log is always used at global level if there are no other file-based logs configured.

Is there any way to propose documentation change via github or something like that?

Version 0, edited 8 years ago by selivan@… (next)

comment:3 by Maxim Dounin, 8 years ago

Documentation is available in the Mercurial repo here:

http://hg.nginx.org/nginx.org

You can propose changes much like to nginx itself, see Contributing Changes.

by selivan@…, 8 years ago

Attachment: docs.patch added

comment:4 by selivan@…, 8 years ago

Attached proposed documentation patch, also posted it to nginx-devel@…

comment:5 by selivan@…, 8 years ago

I unsubscribed from nginx-devel@…, please write updates to this ticket.

P.S. Anybody alive here?

comment:6 by Yaroslav Zhuravlev, 8 years ago

Thanks for the patch, currently in the queue for adding to nginx.org

comment:8 by Yaroslav Zhuravlev, 8 years ago

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.