Owner and group of pihole.log

denk_mal · July 31, 2017, 8:27am

Hi there,

I have installed pihole on my zbox with devuan 1.0 last weekend and hat some trouble to get it running up.
After I recognized , that I have to create some files manually (black.list, local.list) as there were missing by pihole
the system is now up and running.
(Pi-hole Version v3.1.4 Web Interface Version v3.1 FTL Version v2.9.4)

Only one thing is not working; The pihole.log can't be displayed by the web interface because of missing access rights.
the pihole.log is owned by user dnsmasq (rw) and group root (r). After adding read access to world the webinterface can read the logfile but on the next logrotate this will fail again.

What users are the processes using ? (pihole-FTL => root ?, pihole => dnsmasq ? )
can I change this and if if so, how would I change this?

thanks

Mcat12 · July 31, 2017, 10:13pm

The pihole user needs to be able to read the file. Use the chown command.

denk_mal · August 1, 2017, 1:49pm

I've set it to www-data for now (process owner of lighttpd) but will the next logrotate revert my settings ?

Mcat12 · August 1, 2017, 2:01pm

I don't think it would. Try pihole -f to flush it and see if it still works.

denk_mal · August 3, 2017, 8:49am

no this wont help. Even harder pihole-FTL wont't startup due to the wrong owner of /var/log/pihole.log.
But I have changed the su line in the logrotate from root to pi-hole and after an manual logrotate it seems to work now again.

Is the logrotate config file in /etc/pihole the correct file for logrotate or do I have to copy this to another place?

Mcat12 · August 3, 2017, 3:33pm

That file should be correct. Run ls -al /var/log/pihole.log and share the output.

denk_mal · August 3, 2017, 8:17pm

the newer (correct) files were with the changed logrotate file

-rw-r--r-- 1 pihole   pihole  160026 Aug  3 21:31 pihole-FTL.log
-rw-r--r-- 1 pihole   pihole   31403 Aug  3 00:00 pihole-FTL.log.1
-rw-rw-rw- 1 root     root       964 Aug  2 00:00 pihole-FTL.log.2.gz
-rw-rw-rw- 1 root     root       940 Aug  1 00:00 pihole-FTL.log.3.gz
-rw-r----- 1 pihole   pihole 3561138 Aug  3 22:10 pihole.log
-rw-r----- 1 dnsmasq  root   6480574 Aug  3 00:00 pihole.log.1
-rw-r----- 1 www-data root    353495 Aug  2 00:00 pihole.log.2.gz
-rw-r----- 1 pihole   root    286208 Aug  1 00:00 pihole.log.3.gz

Mcat12 · August 6, 2017, 5:48pm

The permissions should look like this:

-rw-r--r-- 1 dnsmasq root 1.4M Aug  6 13:47 /var/log/pihole.log

denk_mal · August 6, 2017, 6:52pm

yes, I known but this is handled by logrotate and should be set there. It make no sense to set this by hand until you would do this after every logrotate
from the logrotate man page:

   create mode owner group, create owner group
          Immediately  after  rotation  (before the postrotate script is run) the log file is created (with the same name as the log file just rotated).  mode specifies the mode for
          the log file in octal (the same as chmod(2)), owner specifies the user name who will own the log file, and group specifies the group the log file will belong  to.  Any  of
          the  log file attributes may be omitted, in which case those attributes for the new file will use the same values as the original log file for the omitted attributes. This
          option can be disabled using the nocreate option.

Mcat12 · August 6, 2017, 9:26pm

Our log rotate script does not include those options, so therefore the current permissions do matter:

Any of the log file attributes may be omitted, in which case those attributes for the new file will use the same values as the original log file for the omitted attributes.