Why can most services that use a non-root account create log files in /var/log?

If you want the service to be able to create log files on the fly, then while creating the service you can create a directory under /var/log and set its owner to the service account:

mkdir /var/log/myservice/
chown myservice:myservice /var/log/myservice/
chmod 755 /var/log/myservice/

For instance, this is the case for nginx. After the first creation, logrotate can take care of file ownership. In CentOS 8, /etc/logrotate.d/nginx looks like this (see the second line):

/var/log/nginx/*log {
    create 0664 nginx root
    daily
    rotate 10
    missingok
    notifempty
    compress
    sharedscripts
    postrotate
        /bin/kill -USR1 `cat /run/nginx.pid 2>/dev/null` 2>/dev/null || true
    endscript
}

When you look at the log files, you'll see that only the actual log file is owned by nginx, and the rotated ones by root.

$ ls -l /var/log/nginx/
total 8
-rw-rw-r--. 1 nginx root    0 Aug 29  2020 access.log
-rw-r--r--. 1 root  root 3441 Aug 27  2020 access.log-20200829.gz
-rw-rw-r--. 1 nginx root    0 Aug 29  2020 error.log
-rw-r--r--. 1 root  root  658 Aug 27  2020 error.log-20200829.gz

If you want the files to be directly in /var/log, again you'd have to create them once as root and set the owner.
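
Added example, not part of the original answer: a small check that a service's log directory matches the layout described above (owned by the service account, mode no looser than 755, live logs owned by the account). The function name `check_log_dir` is hypothetical, and the script assumes GNU `stat` as shipped on CentOS.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes GNU stat (coreutils).
#
# check_log_dir DIR ACCOUNT
# Returns 0 when DIR matches the layout described in the answer:
#   - DIR is a real directory (not a symlink) owned by ACCOUNT
#   - DIR is not writable by group or others (755 satisfies this), so no
#     other local account can pre-create or replace files in it
#   - every live *.log file in DIR is owned by ACCOUNT
# Rotated files (e.g. access.log-20200829.gz) are skipped; they may be root's.
check_log_dir() {
    dir=$1
    account=$2
    rc=0

    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a plain directory"
        return 1
    fi

    owner=$(stat -c %U "$dir")
    if [ "$owner" != "$account" ]; then
        echo "FAIL: $dir is owned by $owner, expected $account"
        rc=1
    fi

    # %a prints the octal mode; mask the group-write and other-write bits.
    mode=$(stat -c %a "$dir")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $dir has mode $mode (writable by group or others)"
        rc=1
    fi

    for f in "$dir"/*.log; do
        [ -e "$f" ] || continue      # glob matched nothing
        fowner=$(stat -c %U "$f")
        if [ "$fowner" != "$account" ]; then
            echo "FAIL: $f is owned by $fowner, expected $account"
            rc=1
        fi
    done

    [ "$rc" -eq 0 ] && echo "OK: $dir"
    return "$rc"
}

# Usage: check_log_dir /var/log/myservice myservice
```
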