Set Couchbase log files permission

I have the same question as this user. Is there a way to set the permission of the files in the log directory? The default permission is -rw-rw----, which is a problem for me since I want a service user to have read permissions to these logs, but I don’t want to add that user to the group that owns the directory.

I know that I can use chmod to change the current files’ permission. However, new log files would still have the original permission (-rw-rw----) and that’s not what I want. I don’t want to run chmod every time either.

Hi @ldn006 -

There isn’t a supported configuration option to allow the log files to be read by someone not in the couchbase user’s group. What you could do though is to change the group on the logs directory and specify a group that contains the user you want to allow to read the log files. Then run chgrp g+s on the logs directory - this sets the “set group ID” bit on the directory so that all files created in it subsequently will inherit the same group. If you already have files/sub-directories in the logs directory you’ll need to explicitly set the group on them – as the set group ID bit only applies to files newly created in this directory. Note that the logs directory is created by the installer; it won’t lose the set group ID bit during normal server operation, but you’ll need to remember to repeat this procedure if you re-install or upgrade.

Alternatively, a simpler change would be to change edit the couchbase-server script in /opt/couchbase/bin and change the umask 007 line to whatever suits your needs - something like umask 000 is likely to work. Note that a server restart is needed. Such a change would mean that all files created by the server will be readable by everyone and you might not wish to do this if you’re not comfortable adding the log reading service to the couchbase group.

Good luck!

-dave

Thank you Dave! Before seeing your reply. I looked into setting ACL for the logs dir. However, I finally went with your first suggestion. I added

chgrp [service_user] logs
chmod g+s logs

in my couchbase setup script and that solved the permission issue.

1 Like

Great! Thanks for letting us know it worked. :slight_smile: