fix: edge-control: audit log silently never writes — file mode 0640 + group disinto-register denies the writer (#1109)
Some checks failed
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/edge-subpath Pipeline failed

Change log file mode from 0640 to 0660 so the disinto-register group
(which the writer runs under) has write permission. Apply the same fix
to the logrotate create directive so rotated files remain writable.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Claude 2026-04-21 12:19:25 +00:00
parent 0d61819184
commit 1c8916d28a


@ -181,7 +181,7 @@ chmod 0750 "$LOG_DIR"
# Touch the log file so it exists from day one # Touch the log file so it exists from day one
touch "$LOG_FILE" touch "$LOG_FILE"
chmod 0640 "$LOG_FILE" chmod 0660 "$LOG_FILE"
chown root:disinto-register "$LOG_FILE" chown root:disinto-register "$LOG_FILE"
# Install logrotate config (daily rotation, 30 days retention) # Install logrotate config (daily rotation, 30 days retention)
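
Review bot: At `chmod 0660 "$LOG_FILE"`, group write on an audit log lets every member of disinto-register truncate or overwrite existing entries, not just append new ones, and nothing in the script comments records why the wider mode is needed. Extend the "Touch the log file" comment to say that the writer runs under group disinto-register and therefore needs group write, so the mode is not tightened back to 0640 later. Since the original failure was silent, it would also help to have the installer check, after the chown, that the file is writable by that group and fail loudly if it is not.
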
@ -194,7 +194,7 @@ ${LOG_FILE} {
delaycompress delaycompress
missingok missingok
notifempty notifempty
create 0640 root disinto-register create 0660 root disinto-register
copytruncate copytruncate
} }
EOF EOF
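
Review bot: The `create 0660 root disinto-register` line sits next to `copytruncate`, and logrotate ignores `create` when `copytruncate` is set because the original file stays in place and is only truncated. The live log therefore keeps whatever mode it already has, so this line does not change behaviour, and hosts where the file already exists at 0640 are only fixed by re-running the installer's chmod. Either drop `create` and note that the mode comes from the install step, or drop `copytruncate` if the writer can reopen the file, which also avoids losing audit lines written between the copy and the truncate.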