I have a Django app which is configured to write db queries into a /tmp/db.log file.
"debug_console_to_file": {
"level": "DEBUG",
"filters": ["require_debug_true"],
"class": "logging.FileHandler",
"filename": "/tmp/db.log",
},
The application usually starts from a uwsgi server using www-data as a user.
However, sometimes I manually run it (with python manage.py) via my user - tvelichkov.
The problem is that when I try to start it from my user, I got a Permission denied error to /tmp/db.log file since www-data has already created it (removing the file can temporary fix the issue, but then the server will receive the same error, since now my user owns the file).
PermissionError: [Errno 13] Permission denied: '/tmp/db.log'
I've tried to add my user to www-data group
$ members www-data
www-data tvelichkov
I've also tried to give 777 file permissions to the file.
$ ls -l /tmp/db.log
-rwxrwsrwx 1 www-data www-data 22102 юли 30 15:25 /tmp/db.log
But I still keep getting this Permission denied error. Any help would be appreciated.
Note: I used to have no issues with this setup in Ubuntu 18.04, but now I have it in Ubuntu 20.04.
UPDATE: Here are the permissions of the /tmp/ folder, but note that this is after I ran chown root:root /tmp and chmod 777 /tmp as suggested by @adrian vera, BTW after this change seems like chmod 777 /tmp/db.log is working, because I no more get the Permission denied error. Is it possible that Ubuntu changed something for the /tmp/ folder between versions 18.04 and 20.04 ? Because I'm pretty sure I didn't change anything to this folder before running into this issue?
$ ls -l / | grep tmp
drwxrwxrwx 24 root root 4096 авг 3 10:19 tmp
Note2: I have one more machine with clean Ubuntu 20.04 install where I have this issue too, I will double check the permissions there too once I got home.
UPDATE2: So on a clean Ubuntu 20.04 install the permissions of the /tmp/ folder are:
$ ls -l / | grep tmp
drwxrwxrwt 23 root root 12288 авг 3 16:41 tmp
And this is how the /tmp/db.log look like:
$ ls -l /tmp/db.log
-rw-r--r-- 1 www-data www-data 0 авг 3 16:54 /tmp/db.log
$ sudo chmod 777 /tmp/db.log
$ ls -l /tmp/db.log
-rwxrwxrwx 1 www-data www-data 0 авг 3 16:54 /tmp/db.log
$ lsattr /tmp/db.log
--------------e----- /tmp/db.log
$ whoami
tvelichkov
$ getent group www-data
www-data:x:33:tvelichkov
$ python manage.py test --settings=cs.settings.test
Traceback (most recent call last):
File "/home/tvelichkov/.pyenv/versions/3.6.10/lib/python3.6/logging/config.py", line 565, in configure
handler = self.configure_handler(handlers[name])
File "/home/tvelichkov/.pyenv/versions/3.6.10/lib/python3.6/logging/config.py", line 738, in configure_handler
result = factory(**kwargs)
File "/home/tvelichkov/.pyenv/versions/3.6.10/lib/python3.6/logging/__init__.py", line 1032, in __init__
StreamHandler.__init__(self, self._open())
File "/home/tvelichkov/.pyenv/versions/3.6.10/lib/python3.6/logging/__init__.py", line 1061, in _open
return open(self.baseFilename, self.mode, encoding=self.encoding)
PermissionError: [Errno 13] Permission denied: '/tmp/db.log'
It looks like you have set particular user id as group ownership of file. (See s in rwxrwsrwx file permissions details.) That's why you are getting permission denied with tvelichkov username. You need to turn off user id and set group id in file ownership.
I would suggest that you should use same user to run and test application. That would avoid these kind of issues.
Probably, instead of deal with the permissions, in this case, it is a better idea to execute the script as the
www-datauser. This is standard approach which we use to run the maintenance scripts of some web apps like NextClud, MediaWiki, etc. You can do that by the help of thesudocommand: