Log directory location
-
I see some strange behaviors if I change the log location in config.php to something different than /var/log/z-push
Currently I have: define(‘LOGFILEDIR’, ‘/var/log/z-push/’);
with the log directory: drwxr-x—. 2 nginx nginx 102 Nov 12 02:22 z-pushIf I change to: define(‘LOGFILEDIR’, ‘/var/log/zzz-push/’);
with the log directory: drwxr-x—. 2 nginx nginx 102 Nov 12 02:22 zzz-pushI get the error in the nginx error log
[error] 1005#0: *9423 FastCGI sent in stderr: "PHP message: PHP Warning: touch(): Unable to create file /var/log/zzz-push/z-push.log because Permission denied in /usr/share/z-push/lib/core/zpush.php on line 249"which tells me that the directory is not writable by php.
I went into /etc/php-fpm.d/www.conf which the stock conf file and I tweaked the permissions:; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many ; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user ; mode is set to 0666 listen.owner = nginx listen.group = nginx ;listen.mode = 0666 ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. ; RPM: apache Choosed to be able to access some dir as httpd user = nginx ; RPM: Keep a group allowed to write in log dir. group = nginxAt this point I don’t get any errors in the nginx log but z-push shows it’s receiving/sending (from z-push-top) but nothing really moves and nothing gets recorded in the z-push log directory.
All goes to normal if I move back z-push log to it’s original location /var/log/z-push
… Is it something wrong with my php settings or it is something wrong with the z-push php coding ? Anybody can try to move the z-push log file to somewhere different from std ?
I am on Centos7, Z-push 3.8, selinux disabled, nginx and php-fpm
-
Hi milauria,
I’ve tested changing the LOGFILEDIR on my local test system with nginx and it worked as expected. It’s a debian though. On my system I set the LOGFILEDIR permissions to www-data which is also the nginx user. In www.conf of fpm listen.owner and listen.group are also www-data.
Is your nginx user also called nginx? You can check that in /etc/nginx/nginx.conf. Did you restart nginx and fpm after changing the config (it shouldn’t actually be necessary but who knows)?
Manfred
-
I am starting to see that many of my problems are related to selinux (that I would like to keep active)
I see there is a “zarafa” selinux module loaded that probably refers to the apache user.
As I am under nginx … is it somewhere the selinux policy source file (should be a .te file) that I can edit?
Or better … should we move this topic under the z-push nginx to see if a “zarafa-for-nginx” selinux module should be built ?
-
I guess otherwhise I need to run nginx and php-fpm not as “nginx:nginx” (stock username created by nginx) but as “apache:apache” (the stock username created by z-push with httpd) …
-
Hi milauria,
I don’t know anything about zarafa selinux module (or building modules for selinux in general). For it or kopano selinux module it’d make more sense to post in the General Discussion/Development part of the forum.
@milauria said in Log directory location:
I guess otherwhise I need to run nginx and php-fpm not as “nginx:nginx” (stock username created by nginx) but as “apache:apache” (the stock username created by z-push with httpd) …
That would be my guess too if you want to get it working that way fast.
Manfred
-
Still studying the situation … I saw listed the zarafa module into selinux, not sure if selinux loaded from iots repository or z-push created it
Also it might be that when installing nginx also the selinux policy should have been created with “semanage permissive -d httpd_t”
[https://www.getpagespeed.com/server-setup/nginx/nginx-selinux-configuration](link url)work in progress but it’s definitively there the issue, thanks !
