clarify file_mode and dir_mode
colinsurprenant opened this issue · 0 comments
Retranscripting a user's investigation:
Under documentation for CSV is a documentation for file_mode:
https://www.elastic.co/guide/en/logstash/current/plugins-outputs-csv.html#plugins-outputs-csv-file_mode
There is the sentence:
File access mode to use. Note that due to the bug in jruby system umask is ignored on linux: jruby/jruby#3426 Setting it to -1 uses default OS value. Example: "file_mode" => 0640
In my opinion this documentation about file_mode and dir_mode as well is not true.
I did some tests with filemask:
/usr/share/logstash/bin/logstash --config.string 'input { stdin { } } output { csv { path => "/usr/share/logstash/00359402.csv" fields => "message" file_mode => 0000 } }' --log.level=debug
And result was this table:
0000 ----------.
0001 ---------x.
0002 ----------.
0003 ---------x.
0004 -------r--.
0005 -------r-x.
0006 -------r--.
0007 -------r-x.
Under RHEL7 umask for root is 0022.
I found this documentation about the ruby File method:
http://www.ruby-doc.org/core-2.1.2/File.html#method-c-new
which essentially says that ruby uses system call with open and chmod, which essentially says umask is always ignored regarding the bit that is set.
https://www.linuxnix.com/umask-define-linuxunix/
Umask values are subtracted from the default permissions, so a umask of 0222 would make a file read-only for everyone.
So if root default is 0022 which means that for group and other is always read-only, which is exactly what is happening here.
So I tested to set umask to 0000:
umask 0000 ; /usr/share/logstash/bin/logstash --config.string 'input { stdin { } } output { csv { path => "/usr/share/logstash/00359402.csv" fields => "message" file_mode => 0222 } }' --log.level=debug ; umask 0022
result was a file with correct rights:
--w--w--w-. 1 root root 52 Jul 4 16:27 /usr/share/logstash/00359402.csv
So one solution can be, that the documentation page documents that.
Another solution can be, that Systemd could set umask for logstash, but this is not a good solution.
vim /etc/systemd/system/multi-user.target.wants/logstash.service
[Service]
UMask=0000
3rd solution could be, that another Ruby solution will be established for that.
I could not reproduce this bug under RHEL7
jruby/jruby#3426
/usr/share/logstash/bin/logstash --interactive irb
under user root: puts File.umask 18 => nil
under user logstash: puts File.umask 2 => nil