Permission error writing logging to files from xDataservice with Linx64 apachewebbroker

Robroeks_Jops · February 5, 2021, 11:11am

Hi,

I've a project running on linux64 with xData with an apachewebbroker. I would like to write logging to a file with tmslogger. This works during the startup of the xDataserver, but returns a permission issue when calling an endpoint from for example postman. The file is created via tmsdefaultlogger.

During start-up:

  TMSDefaultLogger.RegisterOutputHandlerClass(TTMSLoggerTextOutputHandler, ['/server/server.log']);
  TMSDefaultLogger.RegisterOutputHandlerClass(TTMSLoggerConsoleOutputHandler);
  TMSDefaultLogger.Trace('test');

But when calling the healthcheck from the xdata service:

type
  [ServiceImplementation]
  TMonitoringService = class(TInterfacedObject, IMonitoringService)
  private
    function Healthcheck: string;
  end;

implementation

function TMonitoringService.Healthcheck: string;
begin
  TMSDefaultLogger.Trace('test hc');
  result := 'Healthy';
end;

initialization
  RegisterServiceType(TMonitoringService);

end.

I receive the following error:

{
    "error": {
        "code": "FOpenError",
        "message": "Cannot open file \"'/server/server.log'\". System error:    D"
    }
}

The healthcheck function works when all permissions are given to the specific folder or file (sudo chmod 777).

How should I let tmsdefaultlogger create the logging file so that its still writable via the xdata services?

Kind regards,

Jan Robroeks

wlandgraf · February 9, 2021, 2:14pm

If I remember correctly, a file to be accessible from Apache (and its modules) must belong to user/group www-data: https://stackoverflow.com/a/42144644

Robroeks_Jops · February 10, 2021, 7:37pm

I still did not expect that the permissions seem to be different during the start up of the xData server than when calling an endpoint. The folders are created during the start up as well from the xData application. Anyway, i'll check if its possible to set certain permissions when the folders are created.

Robroeks_Jops · March 5, 2021, 8:12am

Wagner is right about the www-data group: Apache2 starts as root to bind the ports. After that it continues to handle the requests as www-data. So that user needs to have the right permissions to write the files. We decided to change the rights to www-data in a testing enivronment, but in production we only log to stdout.

Same holds for certain packages that you want to use in apache. They have to be installed in such way that www-data can access it.

system · March 5, 2021, 9:48am

This topic was automatically closed 60 minutes after the last reply. New replies are no longer allowed.