Set php-fpm slow log file permissions

Question

I have a setup of php-fpm on CentOS 7 with each user having their own pool and log files. I want to make sure that each user is able to view their own log files.

This works great for the PHP error_log, which gets created with the same user/group owner as the php-fpm pool processes are running as.

Unfortunately, the PHP slowlog for each pool is created as 'root' with '600' permissions. Is there any way to configure php-fpm to create the slowlog file with the correct file owner and/or with configurable file permissions?

The following configuration:

user = some_user group = some_group php_admin_value[error_log] = path-to-logs/php-error.log php_admin_flag[log_errors] = on request_slowlog_timeout = 10s slowlog = path-to-logs/php-slow.log 

Results in the following file permissions in path-to-logs:

-rw-r--r-- 1 some_user some_group 7244 Mar 10 22:54 php-error.log -rw------- 1 root root 2307 Mar 9 20:21 php-slow.log 

Answer 1

As far as I know there is no way to set the ownership or permission level directly on configuration. A workaround is to force the initscript to set these permissions for you after restart.

In fact, a much better way would be to ensure that with the logrotate.d script which will otherwise change whatever you set on the initscript, if you decide (and you should) to rotate the slowlog.

It might seem strange that, despite defining the slow log in the pool level (which runs as the specified user) the slowlog is produced by the master process and thus owned by root.

There sould definitely be a setting in the config file to set permission level and ownership, similar to the one linked by @sandyskies-chan in the comment