edge-control: audit log silently never writes — file mode 0640 + group disinto-register denies the writer #1109
Reference: disinto-admin/disinto#1109
Problem

Follow-up to #836. The audit log is wired up correctly in `register.sh`, but the file permissions installed by `install.sh` make every write fail silently.

`tools/edge-control/install.sh` creates the log file as `0640 root:disinto-register`:

`tools/edge-control/register.sh` runs as the `disinto-register` user (forced SSH command). Mode `0640` grants that user's group only read — group write is denied. The append at `register.sh:83-85` is wrapped in a non-fatal warning:

Result: every register/deregister silently fails to write. The `[WARN]` goes to stderr, which SSH clients typically discard for forced commands, so nobody notices. The audit-log feature is dark.

The logrotate config installed alongside (`/etc/logrotate.d/disinto-edge`) uses `create 0640 root disinto-register`, perpetuating the problem after every rotation.

Proposal
Pick one of:

1. Set `install.sh` and the logrotate `create` line to `0660 root:disinto-register`. Group can append; root still owns rotation. Simplest fix.
2. Make the log file `disinto-register:disinto-register`, keep `0640`. Tighter perms but moves audit-log ownership to the same identity that writes it (slightly weaker integrity story).

Option 1 is the smaller change and matches the implicit threat model (root is trusted; the writer is the disinto-register user; we want both able to write/rotate).
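To make the permission reasoning above checkable, here is an added example (not project code) that models the POSIX write check for the three configurations named in this issue and parses the logrotate `create` directive so the post-rotation state is covered too. The usernames come from the issue; the logrotate stanza is constructed.

```python
"""Model whether the forced-command user can append to the edge-control
audit log, now and after logrotate recreates it. Added example; the
identities match the issue, the logrotate text below is constructed."""
import re
import stat
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FilePerms:
    mode: int    # permission bits, e.g. 0o640
    owner: str
    group: str


@dataclass(frozen=True)
class Principal:
    user: str
    groups: frozenset  # primary + supplementary groups


def can_append(perms: FilePerms, who: Principal) -> bool:
    """access(2)-style write check: root bypasses; otherwise the first
    matching class (owner, then group, then other) decides alone."""
    if who.user == "root":
        return True
    if who.user == perms.owner:
        return bool(perms.mode & stat.S_IWUSR)
    if perms.group in who.groups:
        return bool(perms.mode & stat.S_IWGRP)
    return bool(perms.mode & stat.S_IWOTH)


_CREATE_RE = re.compile(r"^\s*create\s+([0-7]{3,4})\s+(\S+)\s+(\S+)\s*$")


def perms_after_rotation(logrotate_conf: str) -> Optional[FilePerms]:
    """Perms logrotate gives the fresh log, from `create MODE OWNER GROUP`."""
    for line in logrotate_conf.splitlines():
        m = _CREATE_RE.match(line)
        if m:
            return FilePerms(int(m.group(1), 8), m.group(2), m.group(3))
    return None


# register.sh runs as disinto-register; the group is its own (from the issue).
WRITER = Principal("disinto-register", frozenset({"disinto-register"}))

BROKEN = FilePerms(0o640, "root", "disinto-register")               # as installed
OPTION1 = FilePerms(0o660, "root", "disinto-register")              # group may append
OPTION2 = FilePerms(0o640, "disinto-register", "disinto-register")  # chown to writer


def audit_log_is_live(installed: FilePerms, logrotate_conf: str) -> bool:
    """True only if the writer can append both now and after every rotation."""
    rotated = perms_after_rotation(logrotate_conf)
    return can_append(installed, WRITER) and rotated is not None and can_append(rotated, WRITER)
```

Run `audit_log_is_live(OPTION1, conf)` against the real `/etc/logrotate.d/disinto-edge` contents: it stays False until the `create` line is changed as well, which is why the proposal touches both places.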
Acceptance

- `register` and `deregister` over SSH produce lines in `/var/log/disinto/edge-register.log`.
- `disinto-register`.

Ported from Codeberg https://codeberg.org/johba/disinto/issues/838. Any `#NNN` references in the body above point to Codeberg issue numbers, not internal Forgejo numbers.
ci_timeout2026-04-21T12:49:53Z