Log directory location

I see some strange behaviors if I change the log location in config.php to something different than /var/log/z-push

Currently I have: define(‘LOGFILEDIR’, ‘/var/log/z-push/’);
with the log directory: drwxr-x—. 2 nginx nginx 102 Nov 12 02:22 z-push

If I change to: define(‘LOGFILEDIR’, ‘/var/log/zzz-push/’);
with the log directory: drwxr-x—. 2 nginx nginx 102 Nov 12 02:22 zzz-push

I get the error in the nginx error log

[error] 1005#0: *9423 FastCGI sent in stderr: "PHP message: PHP Warning:  touch(): Unable to create file /var/log/zzz-push/z-push.log because Permission denied in /usr/share/z-push/lib/core/zpush.php on line 249"

which tells me that the directory is not writable by php.
I went into /etc/php-fpm.d/www.conf which the stock conf file and I tweaked the permissions:

; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
;                 mode is set to 0666
listen.owner = nginx
listen.group = nginx
;listen.mode = 0666

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;	will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx

At this point I don’t get any errors in the nginx log but z-push shows it’s receiving/sending (from z-push-top) but nothing really moves and nothing gets recorded in the z-push log directory.

All goes to normal if I move back z-push log to it’s original location /var/log/z-push

… Is it something wrong with my php settings or it is something wrong with the z-push php coding ? Anybody can try to move the z-push log file to somewhere different from std ?

I am on Centos7, Z-push 3.8, selinux disabled, nginx and php-fpm

Hi milauria,

I’ve tested changing the LOGFILEDIR on my local test system with nginx and it worked as expected. It’s a debian though. On my system I set the LOGFILEDIR permissions to www-data which is also the nginx user. In www.conf of fpm listen.owner and listen.group are also www-data.

Is your nginx user also called nginx? You can check that in /etc/nginx/nginx.conf. Did you restart nginx and fpm after changing the config (it shouldn’t actually be necessary but who knows)?

Manfred

I am starting to see that many of my problems are related to selinux (that I would like to keep active)

I see there is a “zarafa” selinux module loaded that probably refers to the apache user.

As I am under nginx … is it somewhere the selinux policy source file (should be a .te file) that I can edit?

Or better … should we move this topic under the z-push nginx to see if a “zarafa-for-nginx” selinux module should be built ?

I guess otherwhise I need to run nginx and php-fpm not as “nginx:nginx” (stock username created by nginx) but as “apache:apache” (the stock username created by z-push with httpd) …

Hi milauria,

I don’t know anything about zarafa selinux module (or building modules for selinux in general). For it or kopano selinux module it’d make more sense to post in the General Discussion/Development part of the forum.

@milauria said in Log directory location:

I guess otherwhise I need to run nginx and php-fpm not as “nginx:nginx” (stock username created by nginx) but as “apache:apache” (the stock username created by z-push with httpd) …

That would be my guess too if you want to get it working that way fast.

Manfred

Still studying the situation … I saw listed the zarafa module into selinux, not sure if selinux loaded from iots repository or z-push created it

Also it might be that when installing nginx also the selinux policy should have been created with “semanage permissive -d httpd_t”
[https://www.getpagespeed.com/server-setup/nginx/nginx-selinux-configuration](link url)

work in progress but it’s definitively there the issue, thanks !