Text only | Text with Images

OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: backward7 on August 18, 2024, 05:06:18 AM

Title: Nginx Plugin Fails to Modify Log Folder Due to Ownership
Post by: backward7 on August 18, 2024, 05:06:18 AM
I'm encountering an issue where the ownership of the Nginx log folder (/var/log/nginx) changes to root:wheel after each reboot.

Due to this change in ownership, the Nginx plugin cannot modify the log folder, which creates several issues.
(unable to parse logs through crowdsec, error log gets flooded with error 13: permission denied)

I have noticed that if I manually change the ownership of the log folder to a lower privilege level, which is www:wheel, the problem is resolved and everything functions correctly.

But it reverts to root:wheel whenever I reboot the system.

I'm trying to understand where this issue is originated from. Is there a particular script or configuration within OPNsense that is resetting the ownership of this folder to root:wheel after a reboot? Any insights or guidance on how to fix this issue would be greatly appreciated.

OpnSense 24.7.1
Nginx 1.34
Title: Re: Nginx Plugin Fails to Modify Log Folder Due to Ownership
Post by: gdur on August 21, 2024, 10:24:05 AM
I encounter the same problem as it looks like.
I had lots of (13: Permission denied) entries in /var/log/nginx/latest.log and after altering the rights of the /var/log/nginx folder those entries were gone and log lines were stored properly in the belonging log files.
You wrote that the /var/log/nginx rights were root:wheel that differs from mine which were root:staff.
Log entries are written by nginx as user www which is as expected. I haven't tried a reboot yet but if the case is that this is changed back after every reboot that would be very inconvenient.
Title: Re: Nginx Plugin Fails to Modify Log Folder Due to Ownership
Post by: backward7 on August 25, 2024, 09:49:17 AM
Quote from: gdur on August 21, 2024, 10:24:05 AM
I encounter the same problem as it looks like.
I had lots of (13: Permission denied) entries in /var/log/nginx/latest.log and after altering the rights of the /var/log/nginx folder those entries were gone and log lines were stored properly in the belonging log files.
You wrote that the /var/log/nginx rights were root:wheel that differs from mine which were root:staff.
Log entries are written by nginx as user www which is as expected. I haven't tried a reboot yet but if the case is that this is changed back after every reboot that would be very inconvenient.

https://github.com/opnsense/plugins/issues/4186

Here, take a look at this.
Text only | Text with Images