Default permissions for vertica.log

ivanivan - Select Field -

Hello, the default permissions for the vertica.log file have changed starting in vertica version 9.2
Before vertica.log used to be 644 (-rw-rw-rw ) and now in vertica 10.x after a logrotate, the vertica.log file gets created with 600 (-rw------) permissions. this is creating an issue as we were reading the vertica.log file from other linux users.... and now after a logrotate file is not readable.
note: When starting vertica for the very first time, or when there is no vertica.log, the vertica.log does get created with 644 permissions it is only after a logrotate, performed by the vertica provided pyton script, do_logroate.py that file is not readable.
Thanks for letting me know how to set default permissions for the vertica.log file so it is 644.
ivan

Answers

  • Bryan_HBryan_H Vertica Employee Administrator

    Edit the dbadmin crontab and add a chmod a few minutes after logrotate like this:

    # Minute Hour Day Month Day of Week Command
    5 3 * * * /opt/vertica/oss/python3/bin/python3 -m vertica.do_logrotate &> /dev/null
    10 3 * * * chmod 644 /data1/dbadmin/d2/v_d2_node0001_catalog/vertica.log

  • ivanivan - Select Field -

    Thanks, that's what we are doing. And yes it does solve the issue.
    My intention was to understand why does the vertica process creates the the vertica.log with 644 permissions the very first time it starts, or when starting and there is no vertica.log file. And then after processing the USR1 signal that the logrotate script makes, it creates a vertica.log with 600 permissions.
    This is not coherent. I wanted to understand if there is some valid reason for this or is it simply kind of an "error".
    Thanks

  • moshegmosheg Vertica Employee Administrator

    In the past there was a new feature request VER-53154 for accessing vertica.log by non-dbadmin users.
    However, since Vertica.log might contain sensitive info the default permission remains 600.
    As mentioned, the following workarounds are available:

    • Cron job to change the directory perms manually
    • Cron job to copy the logs out of that directory
    • Run needed monitor process as dbadmin
      So perms not an issue.
  • ivanivan - Select Field -
    edited December 2020

    What is not coherent is that when starting vertica when there is no vertica.log file, the vertica .log file gets created with 644 permissions creating confusion. I guess we can close this discussion.
    thanks

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file