Skip to content

clarify file_mode and dir_mode #23

New issue
New issue
Open
Open
clarify file_mode and dir_mode#23
@colinsurprenant

Description

@colinsurprenant
colinsurprenant
opened on Mar 26, 2020

Retranscripting a user's investigation:

Under documentation for CSV is a documentation for file_mode:
https://www.elastic.co/guide/en/logstash/current/plugins-outputs-csv.html#plugins-outputs-csv-file_mode
There is the sentence:
File access mode to use. Note that due to the bug in jruby system umask is ignored on linux: jruby/jruby#3426 Setting it to -1 uses default OS value. Example: "file_mode" => 0640

In my opinion this documentation about file_mode and dir_mode as well is not true.
I did some tests with filemask:
/usr/share/logstash/bin/logstash --config.string 'input { stdin { } } output { csv { path => "/usr/share/logstash/00359402.csv" fields => "message" file_mode => 0000 } }' --log.level=debug

And result was this table:
0000 ----------.
0001 ---------x.
0002 ----------.
0003 ---------x.
0004 -------r--.
0005 -------r-x.
0006 -------r--.
0007 -------r-x.
Under RHEL7 umask for root is 0022.

I found this documentation about the ruby File method:
http://www.ruby-doc.org/core-2.1.2/File.html#method-c-new
which essentially says that ruby uses system call with open and chmod, which essentially says umask is always ignored regarding the bit that is set.
https://www.linuxnix.com/umask-define-linuxunix/
Umask values are subtracted from the default permissions, so a umask of 0222 would make a file read-only for everyone.

So if root default is 0022 which means that for group and other is always read-only, which is exactly what is happening here.

So I tested to set umask to 0000:

   umask 0000 ; /usr/share/logstash/bin/logstash --config.string 'input { stdin { } } output {   csv { path => "/usr/share/logstash/00359402.csv" fields => "message" file_mode => 0222 }   }' --log.level=debug ; umask 0022

result was a file with correct rights:

--w--w--w-. 1 root root 52 Jul  4 16:27 /usr/share/logstash/00359402.csv

So one solution can be, that the documentation page documents that.

Another solution can be, that Systemd could set umask for logstash, but this is not a good solution.
vim /etc/systemd/system/multi-user.target.wants/logstash.service

      [Service]
      UMask=0000

3rd solution could be, that another Ruby solution will be established for that.

I could not reproduce this bug under RHEL7
jruby/jruby#3426

/usr/share/logstash/bin/logstash --interactive irb
under user root:           puts File.umask      18 => nil
under user  logstash:   puts File.umask        2 => nil

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions