4

I have a simple upstart script:

start on started network-services

respawn
respawn limit 100 5

setuid www-data

exec node /var/testapp/app.js >> /var/log/testapp.log 2>&1

post-start exec echo "Server was (re)started on $(date)" | mail -s "Crashing Server (re)starting" admin@sample-test.com

but because I'm running the node app as 'www-data', I don't have write permissions on testapp.log.

What is the best approach to address that?

I would rather not pre-create the log file with 'www-data' as its owner, because I would like as few steps as possible for the setup. I'd also rather not run the app as 'www-data' with sudo:

exec sudo -u www-data node /var/testapp/app.js >> /var/log/testapp.log 2>&1

because when I do so, root is also running the process. Maybe I'm wrong, but I see that as a security issue. If it's not a security issue - please enlighten me.

Alison R.
  • 4,490
gmadar
  • 143

1 Answer

3

You can just create another directory in the log dir and give www-data ownership:

sudo mkdir /var/log/testapp
sudo chown www-data:www-data /var/log/testapp

/var/log/testapp is now writable by www-data, so then in the upstart script you would have:

exec node /var/testapp/app.js >> /var/log/testapp/app.log 2>&1
Alison R.
  • 4,490
ducktape
  • 46
  • 2
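
The directory setup from the answer above, as an added example that is not part of the original answer: it creates the directory idempotently with an explicit mode and then verifies the result. The function names setup_log_dir and check_log_dir are hypothetical, and check_log_dir assumes GNU stat.

```sh
#!/bin/sh
# Added example, not code from the original answer.
# setup_log_dir and check_log_dir are hypothetical helper names.

# Create the log directory with explicit owner, group and mode.
# Safe to re-run; mode 0750 keeps other local accounts out of the logs.
setup_log_dir() {
    dir=$1; owner=$2; group=$3
    # Refuse a symlink at the path: a root-run setup step would otherwise
    # be operating on whatever the link points to.
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi
    install -d -o "$owner" -g "$group" -m 0750 "$dir"
}

# Verify the directory is a real directory, owned by the service account,
# and not writable by group or others.
check_log_dir() {
    dir=$1; owner=$2
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    # %U = owner name, %u = numeric uid, %a = octal mode (GNU stat)
    set -- $(stat -c '%U %u %a' "$dir")
    [ "$1" = "$owner" ] || [ "$2" = "$owner" ] || return 1
    # 022 masks the group-write and other-write bits
    [ $(( 0$3 & 022 )) -eq 0 ]
}

# Usage on the server, run as root before starting the job:
#   setup_log_dir /var/log/testapp www-data www-data
#   check_log_dir /var/log/testapp www-data && echo "log dir OK"
```

Because the job uses setuid www-data, the >> redirection in the exec line is opened as www-data, so the directory has to exist with this ownership before the job first starts.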