Log directory location



  • I see some strange behaviors if I change the log location in config.php to something different than /var/log/z-push

    Currently I have: define(‘LOGFILEDIR’, ‘/var/log/z-push/’);
    with the log directory: drwxr-x—. 2 nginx nginx 102 Nov 12 02:22 z-push

    If I change to: define(‘LOGFILEDIR’, ‘/var/log/zzz-push/’);
    with the log directory: drwxr-x—. 2 nginx nginx 102 Nov 12 02:22 zzz-push

    I get the error in the nginx error log

    [error] 1005#0: *9423 FastCGI sent in stderr: "PHP message: PHP Warning:  touch(): Unable to create file /var/log/zzz-push/z-push.log because Permission denied in /usr/share/z-push/lib/core/zpush.php on line 249"
    

    which tells me that the directory is not writable by php.
    I went into /etc/php-fpm.d/www.conf which the stock conf file and I tweaked the permissions:

    ; Set permissions for unix socket, if one is used. In Linux, read/write
    ; permissions must be set in order to allow connections from a web server. Many
    ; BSD-derived systems allow connections regardless of permissions.
    ; Default Values: user and group are set as the running user
    ;                 mode is set to 0666
    listen.owner = nginx
    listen.group = nginx
    ;listen.mode = 0666
    
    ; Unix user/group of processes
    ; Note: The user is mandatory. If the group is not set, the default user's group
    ;	will be used.
    ; RPM: apache Choosed to be able to access some dir as httpd
    user = nginx
    ; RPM: Keep a group allowed to write in log dir.
    group = nginx
    

    At this point I don’t get any errors in the nginx log but z-push shows it’s receiving/sending (from z-push-top) but nothing really moves and nothing gets recorded in the z-push log directory.

    All goes to normal if I move back z-push log to it’s original location /var/log/z-push

    … Is it something wrong with my php settings or it is something wrong with the z-push php coding ? Anybody can try to move the z-push log file to somewhere different from std ?

    I am on Centos7, Z-push 3.8, selinux disabled, nginx and php-fpm


  • Kopano

    Hi milauria,

    I’ve tested changing the LOGFILEDIR on my local test system with nginx and it worked as expected. It’s a debian though. On my system I set the LOGFILEDIR permissions to www-data which is also the nginx user. In www.conf of fpm listen.owner and listen.group are also www-data.

    Is your nginx user also called nginx? You can check that in /etc/nginx/nginx.conf. Did you restart nginx and fpm after changing the config (it shouldn’t actually be necessary but who knows)?

    Manfred



  • I am starting to see that many of my problems are related to selinux (that I would like to keep active)

    I see there is a “zarafa” selinux module loaded that probably refers to the apache user.

    As I am under nginx … is it somewhere the selinux policy source file (should be a .te file) that I can edit?

    Or better … should we move this topic under the z-push nginx to see if a “zarafa-for-nginx” selinux module should be built ?



  • I guess otherwhise I need to run nginx and php-fpm not as “nginx:nginx” (stock username created by nginx) but as “apache:apache” (the stock username created by z-push with httpd) …


  • Kopano

    Hi milauria,

    I don’t know anything about zarafa selinux module (or building modules for selinux in general). For it or kopano selinux module it’d make more sense to post in the General Discussion/Development part of the forum.

    @milauria said in Log directory location:

    I guess otherwhise I need to run nginx and php-fpm not as “nginx:nginx” (stock username created by nginx) but as “apache:apache” (the stock username created by z-push with httpd) …

    That would be my guess too if you want to get it working that way fast.

    Manfred



  • Still studying the situation … I saw listed the zarafa module into selinux, not sure if selinux loaded from iots repository or z-push created it

    Also it might be that when installing nginx also the selinux policy should have been created with “semanage permissive -d httpd_t”
    [https://www.getpagespeed.com/server-setup/nginx/nginx-selinux-configuration](link url)

    work in progress but it’s definitively there the issue, thanks !


Log in to reply
 

Looks like your connection to Kopano Community Forum was lost, please wait while we try to reconnect.