Re: s6-log can create current with 640?

From: Dewayne Geraghty <dewayne.geraghty_at_heuristicsystems.com.au>
Date: Thu, 24 Oct 2019 10:03:58 +1100

Thanks Jonathon. Both attempts were within the execlineb context, so I
assume that umask was correctly employed ;). I tried

My initial attempt

#!/usr/local/bin/execlineb -P
s6-setuidgid uucp
redirfd -r 0 /services/ntp/fifo
umask 037
/usr/local/bin/s6-log -b n14 r7000 s100000 S3000000 !"/usr/bin/xz -7q"
/var/log/ntpd

which results in notice of "# echo: write: Broken pipe"; the ntp process
properly starts but there is no ntp logging process.

---
The usual flow is
echo: write: Broken pipe
...
and in quick succession (<1 sec):
# ps -axww | grep ntpd
28869  -  Rs         0:00.00 s6-setuidgid uucp redirfd -r 0
/service/fifo umask 037 /usr/local/bin/s6-log -b n14 r7000 s100000
S3000000 !/usr/bin/xz -7q /var/log/ntpd
# ps -axww | grep ntpd
29457  -  Ss         0:00.03 /usr/local/sbin/ntpd -c /etc/ntp.conf -u
ntpd -x -G --nofork
and /var/log/ntpd folder is empty (with mode rwx------)
---
If I move umask up one line (before redirfd), the logging process
doesn't start; and blocks the start of ntp.  There is a dependency
relationship ntp-log <- ntp  so this is expected.
I was surprised that umask didn't work, but not overly concerned; as
Colin, quite rightly, pointed to my directory permissions as being
adequate.  Now to migrate sendmail and its milters...
Regards, Dewayne
Received on Wed Oct 23 2019 - 23:03:58 UTC

This archive was generated by hypermail 2.3.0 : Sun May 09 2021 - 19:44:19 UTC