
Best practice to allow a program to write its logs



Hi,

What is the best practice please to allow a program to write its logs into my home folder?

So far for example, I've configured msmtp to write logs into /home/l0f4r0/.msmtp.log.
By default, msmtp doesn't have any write permission for this file, so I have managed this case by assigning the msmtp group to /home/l0f4r0/.msmtp.log:

namei -l /home/l0f4r0/.msmtp.log
f: /home/l0f4r0/.msmtp.log
drwxr-xr-x root   root   /
drwxr-xr-x root   root   home
drwxr-xr-x l0f4r0 l0f4r0 l0f4r0
-rw-rw---- l0f4r0 msmtp  .msmtp.log

But I could have done it differently:
1) via ACL: setfacl -m u:msmtp:rw /home/l0f4r0/.msmtp.log [OR] setfacl -m g:msmtp:rw /home/l0f4r0/.msmtp.log
2) via group management: sudo adduser msmtp l0f4r0
X) probably other ways...

1) is powerful, especially if multiple groups need to share the same access, but I try to avoid ACLs as they are less straightforward to keep track of (one needs getfacl to get the details as those permissions are not shown by default)
2) is probably not recommended as it gives lots of permissions to msmtp...

Is there a good practice out there? Maybe one I haven't listed?

_NB_: by the way, does anybody have a tip to know what user account is used during a specific command please? For example when using
echo -e "Subject: mySubject\nThis is myBody" | msmtp my_email_address
how can I know for sure which service/technical account is used for writing msmtp logs?
Of course for this one I already know the answer because I've noticed that user account msmtp has been added to /etc/passwd during the software installation, but maybe sometimes it will be trickier, so is there a generic tip please?

Thanks in advance for your feedback :)
Best regards,
l0f4r0
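
Added example, not part of the original post: a shell sketch of one generic check for the two questions above. `run_identity` reads the set-user-ID and set-group-ID bits of an executable to tell which effective user and group a process started from it gets, and `writers` lists who is granted write access to a file, including named ACL entries that the mode bits hide. The function names and the script name `logperm.sh` are hypothetical; GNU `stat` is assumed, and file capabilities or a separate daemon doing the writing are not covered.

```shell
#!/bin/sh
# Added example. Requires GNU stat (coreutils); getfacl is optional.

# run_identity BINARY: print the effective user/group a process started
# from BINARY gets. "caller" means it keeps the invoking user's identity.
run_identity() {
    mode=$(stat -c '%a' "$1") || return 1
    special=0
    # %a prints a 4th leading octal digit only when set-id/sticky bits are set.
    if [ "${#mode}" -eq 4 ]; then special=${mode%???}; fi
    euid=caller
    egid=caller
    case $special in 4|5|6|7) euid=$(stat -c '%U' "$1") ;; esac
    case $special in 2|3|6|7) egid=$(stat -c '%G' "$1") ;; esac
    printf 'euid=%s egid=%s\n' "$euid" "$egid"
}

# writers FILE: list every principal whose permission entry grants write.
# (With an ACL present, the group bits show the ACL mask.)
writers() {
    perms=$(stat -c '%A' "$1") || return 1   # e.g. -rw-rw----
    out=""
    if [ "$(printf %s "$perms" | cut -c3)" = w ]; then out="owner:$(stat -c '%U' "$1")"; fi
    if [ "$(printf %s "$perms" | cut -c6)" = w ]; then out="$out group:$(stat -c '%G' "$1")"; fi
    if [ "$(printf %s "$perms" | cut -c9)" = w ]; then out="$out other"; fi
    # Named ACL entries are not visible in the mode bits; list them too
    # (as written in the ACL, before the ACL mask is applied).
    if command -v getfacl >/dev/null 2>&1; then
        for e in $(getfacl -cp "$1" 2>/dev/null |
                   awk '/^(user|group):[^:]+:.w/ { print $1 }'); do
            out="$out acl:$e"
        done
    fi
    printf '%s\n' "${out# }"
}

# Script use: ./logperm.sh "$(command -v msmtp)" /home/l0f4r0/.msmtp.log
if [ "$#" -eq 2 ]; then
    run_identity "$1"
    writers "$2"
fi
```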

