permissions of application.log

I’m not sure if other people are running into this, or if it’s due to something quirky in my linux configuration… but, I’m finding that when application.log gets rotated, the new log file gets created without group permissions, and with the web server as the user.

Since I’m also using Console (command-line) Yii applications, it seems those run as whatever user I’m logged in as (not as the web server). Which means they crash when they try to write to the log.

The web server and the user I’m logged in as have the same group. All that’s required for this to work would be to have the log files be group writeable.

I can edit the yii/framework/CFileLogRoute.php to create the log files with group write permission, but I’m sure I’ll forget about this the next time I upgrade Yii and my command-line applications will crash again when they try to write to the log file.

I’m just wondering if anyone else has run across this issue - or has any thoughts on how I might do this differently while leaving the base yii framework files untouched.

You should never edit the source files of Yii framework. Instead you can override the Class you want to change it’s behavior. But i am not sure this is an application level issue, But more like a server issue. All the operations done by the application are done through the web user, You can add the web user to the group you want to have access to those files.

Thanks Vince. I’m not sure the way around this problem. The logs are getting created with 644 permissions…which means only the web user can edit them. Unfortunately, when I’m running a command line application - (extending CConsoleApplication) then that runs as whichever user I’m logged in as (NOT the web user). Which would be no problem if the logs were getting created with 664 permission. But they’re not. There’s no group write access - so the application fails.

How does anyone get around this problem? If I override the Class I want to change, I’ll still need to go into the Yii framework to tell it to use my overridden class.

Has anyone successfully switched between Console and Web applications without this sort of a permissions issue on the application log?

Can you paste the code you are trying to run and i will try to reproduce that on my machine.

I apologize for confusing the issue - the error does NOT occur when I run my custom console application.

it’s when I try to run the yiic shell. I get the output pasted below. The current permissions on protected/runtime/application.log are set to: 644.

I can set the permissions to 664, and then the yiic shell will run fine. But then I have to do it again, the next day, when application.log has rotated (ie a new application.log file has been created, with 644 permissions.)




prompt>$ protected/yiic shell

<!DOCTYPE html PUBLIC

        "-//W3C//DTD XHTML 1.0 Transitional//EN"

        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>

<title>

PHP Error</title>


....snip....


<body>

<h1>PHP Error</h1>


<h3>Description</h3>

<p class="message">

error_log(/home/httpd/gotham/htdocs/cms/protected/runtime/application.log): failed to open stream: Permission denied</p>


<h3>Source File</h3>

<p>

/home/httpd/gotham/htdocs/yii/framework/logging/CFileLogRoute.php(138)</p>



Hi,

we ran into the same problem this morning: Webserver-configuration (Yii-Web Application) and Yii-Console-Application ran with two different users in the same group… Only one of the users rolled the application.log and the other user was unable to write the file afterwards. We solved the issue by extending CFileLogRoute the following way:




<?php


/**

 * CCustomFileLogRoute extends CFileLogRoute with setting correct group permissions.

 */

class CCustomFileLogRoute extends CFileLogRoute {


    /**

     * After processing the logs, chmod the resulting file so that it is

     *   group-writeable.

     */

    protected function processLogs($logs)

    {

        Yii::log("Processing custom logs start", trace);

        parent::processLogs($logs);

        $logFile=$this->getLogPath().DIRECTORY_SEPARATOR.$this->getLogFile();

        @chmod($logFile, 0664);

        Yii::log("Processing custom logs end", trace);

    }

}



The chmod call is performed often, but we have to live with that, hopefully unix cares ;) The configuration has to be modified as obvious:




'log'=>array(

  'class'=>'CLogRouter',

  'routes'=>array(

    array(

      'class'=>'CCustomFileLogRoute',

      'levels'=>'error, warning, info, trace',

    ),

    array(

      'class'=>'CWebLogRoute',

      'levels'=>'error' // , warning, info, trace',

    ),

  ),

),



Hope I could help someone - Cheers,

Rudi

Thanks a lot. This solves a rather annoying problem.

As a relative newcomer to Yii and MVC frameworks in general - I’m not quite sure where to put such a class. It doesn’t seem like a “model” or a “command”. “components”?

-Charlie

Nice to see that I could help you. We put that class under components, yes. Most of our utility classes and business logic are contained there, too. I did not test yet to create a folder structure in there, e.g. something like

  • services/

  • utils/

  • framework_extensions/

would be useful.

Cheers, Rudi