2

I have set up this upstart script on an Amazon EC2 Ubuntu 12.04 LTS instance for executing a node.js application. The script uses setuid and setgid.

It works fine without setuid and setgid, but when I use them it fails because the process can't write to /var/log/myapp.log (which is the path I want to use for logging) due to a permission denied error.

/proc/self/fd/9: 13: /proc/self/fd/9: cannot create /var/log/noommi.log: Permission denied

I'm using the default user "ubuntu" to execute the script, which is the same user I log in to the machine with (I know it would be better to use another user). As I see it, the ubuntu user belongs to the adm group, which is a group included in /var/log. Executing ls -la (as the "ubuntu" user) gives this result for /var/log:

drwxr-xr-x 11 root      root      4096 Oct 15 12:05 .
drwxr-xr-x 12 root      root      4096 Oct 12 21:44 ..

This is the content of script /etc/init/myapp.conf:

description "start and stop myapp"
version "1.0"
author "Me!"

start on filesystem and started networking
respawn


env HOME=/home/ubuntu/myapp

#Run the script using ubuntu user instead of root.
setuid ubuntu
setgid ubuntu
script

export HOME=$HOME
chdir $HOME
env PATH=/usr/local/bin:/usr/bin:/bin
env NODE_ENV=development

exec /usr/bin/node server.js > /var/log/myapp.log 2>&1

end script

What should I do so that the script can write the log in /var/log?

1 Answer

0

Remove > /var/log/myapp.log 2>&1 from exec.

Upstart will log to the file /var/log/upstart/myapp.log (owner: root).
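
The job file from the question with this answer applied, as an added example that is not part of the original post: the redirect is gone, and the env and chdir settings are moved out of the script block into top-level stanzas. It assumes Upstart 1.4 or later, where the setuid/setgid stanzas exist and console log is the default.

```conf
# /etc/init/myapp.conf
description "start and stop myapp"
version "1.0"
author "Me!"

start on filesystem and started networking
respawn

# Job environment: env is a job stanza, so it belongs at the top level
# rather than inside the script block.
env HOME=/home/ubuntu/myapp
env PATH=/usr/local/bin:/usr/bin:/bin
env NODE_ENV=development

# Working directory for the job process (literal path, same value as HOME).
chdir /home/ubuntu/myapp

# Drop privileges: node runs as ubuntu, not root.
setuid ubuntu
setgid ubuntu

# Spelled out for clarity (assumed default on Upstart 1.4+): init, running
# as root, captures the job's stdout/stderr and writes it to
# /var/log/upstart/myapp.log. The unprivileged job never opens a file
# under /var/log itself, so the root-owned drwxr-xr-x directory is not
# a problem and does not need to be loosened.
console log

# No "> /var/log/myapp.log 2>&1": that redirect is performed by the shell
# after the switch to ubuntu, which is what produced "Permission denied".
exec /usr/bin/node server.js
```

Because the log file is owned by root, read it with sudo (for example sudo tail /var/log/upstart/myapp.log).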