Logger and file permissions


#1

Ruby and linux Nuby question about getting Logger library to work.

I’ve got a simple ruby script that is set up as the receptor of mail to
a particular address on my server (via postfix). This script is trying
to use Logger to write a log file. I’m trying to put the log file in a
subdirectory of the html directory (in other words, far removed from
where the ruby script lives). I have tried to set up a group that
includes ruby, the script, and the logger library as users and have set
the group of the destination directory to that group, and set up
permissions on that dir to 775. I continue to get the following error
in the mail admin bounce message

Command died with status 1:
“/usr/local/bin/rantilizer.rb”. Command output:
/usr/local/lib/ruby/1.8/logger.rb:541:in initialize': Permission denied - /home/[my domain directory here]/www/html/rants/myLog.log (Errno::EACCES) from /usr/local/lib/ruby/1.8/logger.rb:541:inopen’ from
/usr/local/lib/ruby/1.8/logger.rb:541:in create_logfile' from /usr/local/lib/ruby/1.8/logger.rb:536:inopen_logfile’ from
/usr/local/lib/ruby/1.8/logger.rb:497:in initialize' from /usr/local/lib/ruby/1.8/logger.rb:256:innew’ from
/usr/local/lib/ruby/1.8/logger.rb:256:in initialize' from /usr/local/bin/rantilizer.rb:5:innew’ from
/usr/local/bin/rantilizer.rb:5

This is on a REHL4 linux box. When I temporarily set the permissions of
the destination directory to 777, it all works just fine, but obviously
I don’t want to leave the permissions that way.

What is the right way to allow focused write permission to a ruby script
and its libraries? Am I on the right track but need to add some more
things to the group?

thanks,
jp


#2

On Jun 13, 2006, at 3:39 AM, Jeff P. wrote:

I have tried to set up a group that
includes ruby, the script, and the logger library as users

Um, groups include users (logins). A group or user is not per-file/
executable (unless you have setuid or setgid set). Are we maybe
confused about the Unix security model? You need to run ruby as a
user with access to that directory.


#3

Thanks Logan,
Yes “we” were confused (or rather poorly self educated) on the unix
security model. I found this to be a good explanation for a newbie such
as myself:
http://www.dsm.fordham.edu/~moniot/Classes/InternetWebF00/unix-security/unix-security.html

jp

Logan C. wrote:

On Jun 13, 2006, at 3:39 AM, Jeff P. wrote:

I have tried to set up a group that
includes ruby, the script, and the logger library as users

Um, groups include users (logins). A group or user is not per-file/
executable (unless you have setuid or setgid set). Are we maybe
confused about the Unix security model? You need to run ruby as a
user with access to that directory.