Re: Best practice to allow a program to write its logs

To: debian-user@lists.debian.org
Subject: Re: Best practice to allow a program to write its logs
From: Reco <recoverym4n@enotuniq.net>
Date: Sun, 12 Apr 2020 18:56:17 +0300
Message-id: <[🔎] E1jNey1-0002Ge-IB@enotuniq.net>
In-reply-to: <[🔎] M4itup1--3-2@tuta.io>
References: <M0msswX--3-2@tuta.io> <E1j5ue7-0001bN-JP@enotuniq.net> <M0nTwCl--3-2@tuta.io> <E1j5xXq-0001fe-CN@enotuniq.net> <[🔎] M4itup1--3-2@tuta.io>

	Hi.

On Sun, Apr 12, 2020 at 05:00:09PM +0200, l0f4r0@tuta.io wrote:
> Hi,
> 
> Oops, I didn't answer to that, sorry...

No big deal. This is a maillist, we have nothing to hurry here :)

> > It all works - conventional POSIX permissions, ACLs, xattrs, SELinux
> > Labels, etc. Until you try to restore from a backup :)
> >
> What do you mean please? Why does the backup would pose a problem when restored?

Both cpio and tar do not save xattrs and SELinux labels. The very
archive format does not allow it.
There were some experimental RedHat patches for that, but they never
made it to the upstream.
There are also similar deficiencies in rsync (although it is better in
this regard).

And these three (cpio, tar, rsync) are the cornerstones of just
about any backup tools that Debian main provides.

Of course, there's dump(8) which *does* account for all these filesystem
oddities, but it's ext4-specific by definition and is not that popular.

All this applies to the backups of / and /var, mainly. Your typical
$HOME is usually free from all these advanced attributes.

> >> You mean for this use case writing into /var/log/msmtp?
> >> Actually, I don't really know why but I've decided to write user
> >> specific configuration with appropriate logs.  So my conf is not in
> >> /etc/msmtprc but in ~/.msmtprc and logging is in the same vein inside
> >> ~/.msmtp.log.
> >
> > My advice to you then - don't do this.
> > Best are not the logs that are written often or are verbose, and even
> > not those are written in a convenient filesystem locations.
> > Best are the logs which contain the problem, but do not contain assorted
> > junk (implies logs filtering), 
> >
> How to you filter your logs? Directly by tweaking severities in (r)syslog(-ng).conf?

Personally I prefer rsyslog configuration files for this.
If you prefer syslog-ng - it should have similar filtering capabilities.

> > are small (implies periodic rotation)
> >
> logrotate I presume?

Yep. There's no need to reinvent the wheel here.

> > and, the most importantly, are stored not only on your host, but
> > elsewhere, preferrably in a centralized and indexed way.
> >
> Via (r)syslog(-ng)?

Yup. A single setting like this (rsyslog style):

*.info  @rsyslog.home

Implies running syslog daemon that's listening udp:514 at rsyslog.home.

> > A false dichotomy. Why reinventing a wheel with custom logging if they
> > given you that "--syslog=on" option?
> >
> I didn't notice that, thanks! :)
> So you recommend not specifying any logfile in /etc/msmtprc but just use switch "--syslog=on" everytime msmtp is used? Maybe this can be viewed as a constraint as one should remember to use that option... (except by using some trick as an alias)

Yes, I do.

> > Ah, that's not a real MTA. My mistake.
> > A quick look at postinst script gives me:
> >
> > chgrp msmtp /usr/bin/msmtp
> > chmod 2755 /usr/bin/msmtp
> >
> In a nutshell, an application triggers actions under the identity of who launched it initially, except if the application makes use of a specific technical account, right?
> If so what is the best way to know if an application operates under a specific account?

Reading postinst (possibly preinst) from the package never failed me so
far.

Reco

Reply to:

References:
- Re: Best practice to allow a program to write its logs
  - From: l0f4r0@tuta.io

Prev by Date: Re: Debian is testing Discourse
Next by Date: Re: Debian is testing Discourse
Previous by thread: Re: Best practice to allow a program to write its logs
Next by thread: Question Regarding sources.list
Index(es):
- Date
- Thread