1
1
I am currently making an upstart job run as an unprivileged user like so:
start on started mongodb
stop on runlevel [06]
respawn
respawn limit 10 100
env NODE_ENV=production
pre-start script
ulimit -n 2048
end script
exec sudo -u mainuser /usr/bin/make -C /home/mainuser/app start-prod >> /home/mainuser/data/logs/app.log 2>> /home/mainuser/data/logs/app.err.log
This works good, with one exception: the log files app.log
and app.err.log
are being written as root (root becomes the owner of these files).
How do I ensure that the log files are written by the unprivileged mainuser
?
I don't think an unprivileged user can "steal" or chown a file owned by root. The
tee
hint is more interesting, but before I try to implement it I will wait and see if there are any better options available, if you don't mind. Maybe I should just modify my make script so that it will do the logging. – Tom – 2012-05-20T15:43:23.760@Tom: You run the above test as root in the upstart script, in the
pre-start script
section I would guess, before dropping privilege tomainuser
. Only root canchown
as well. – Daniel Andersson – 2012-05-20T15:50:05.590