Search code examples
pythonloggingsystemd

Log permissions on boot

I have a SystemD service that loads at boot (runs a python script). Sometimes, I get permission errors with the script trying to access the log file.

Sep 30 14:47:53 Fresno2-encoder manager.py[1266]:     from streamStatus import StreamStatus
Sep 30 14:47:53 Fresno2-encoder manager.py[1266]:   File "/var/www/html/EncoderAdmin/streamStatus.py", line 10, in <module>
Sep 30 14:47:53 Fresno2-encoder manager.py[1266]:     logHandler = TimedRotatingFileHandler("/var/www/html/EncoderAdmin/stream_status.log", when="midnight", backupCount=10)
Sep 30 14:47:53 Fresno2-encoder manager.py[1266]:   File "/usr/lib/python2.7/logging/handlers.py", line 171, in __init__
Sep 30 14:47:53 Fresno2-encoder manager.py[1266]:     BaseRotatingHandler.__init__(self, filename, 'a', encoding, delay)
Sep 30 14:47:53 Fresno2-encoder manager.py[1266]:   File "/usr/lib/python2.7/logging/handlers.py", line 64, in __init__
Sep 30 14:47:53 Fresno2-encoder manager.py[1266]:     logging.FileHandler.__init__(self, filename, mode, encoding, delay)
Sep 30 14:47:53 Fresno2-encoder manager.py[1266]:   File "/usr/lib/python2.7/logging/__init__.py", line 913, in __init__
Sep 30 14:47:53 Fresno2-encoder manager.py[1266]:     StreamHandler.__init__(self, self._open())
Sep 30 14:47:53 Fresno2-encoder manager.py[1266]:   File "/usr/lib/python2.7/logging/__init__.py", line 943, in _open
Sep 30 14:47:53 Fresno2-encoder manager.py[1266]:     stream = open(self.baseFilename, self.mode)
Sep 30 14:47:53 Fresno2-encoder manager.py[1266]: IOError: [Errno 13] Permission denied: '/var/www/html/EncoderAdmin/stream_status.log'

When this happens, I noticed that the log file was created as root, but my script is being run as a user. Do I need to add the User= option to my SystemD service to ensure that the log file gets created as the right user everyday?

EDIT: To clarify some more, this log is configured for a Python class and methods. This method is called from two different other python methods. One is run as root and the other is as the user. Not sure how to instantiate them differently.

Solution

  • You may also play with group permissions (add user to a group and make sure the logfile is created with this group as owner and group read/write permissions).