Created attachment 247486
Set caddy_log ownership to caddy_user

Bug 273181 proposes changing Caddy to be run as a non-root user.

The referenced wiki page (https://wiki.freebsd.org/ThomasHurst/Caddy) has a call-out:

> caddy_logfile (default /var/log/caddy/caddy.log) is a redirection of caddy console output, which will be opened by the rc(8) script as root:wheel.

An additional consequence to this is that failure messages can't be written to that file.

Would it be reasonable to change the caddy_logfile permissions so that it's owned by caddy_user?

Thank you for the consideration/attention.
Great catch! Yes, caddy.log absolutely should be owned by whatever caddy is running as.
(In reply to Mike Fisher from comment #0)
I just ran into this as well. You can change this to "affects many people".
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5c6886afad6f39c5c0a9f8b8ccd16cea8cad8504

commit 5c6886afad6f39c5c0a9f8b8ccd16cea8cad8504
Author:     Mike Fisher <mfisher911@gmail.com>
AuthorDate: 2024-01-21 13:04:55 +0000
Commit:     Adam Weinberger <adamw@FreeBSD.org>
CommitDate: 2024-01-21 13:08:10 +0000

    www/caddy{,-custom}: chown caddy.log to caddy user/group

    We have set caddy.log to root:wheel, which works for the default case
    of running caddy as root. When caddy is run as a non-root user,
    caddy.log can't actually be written to.

    Instead, chown caddy.log to the caddy user/group so that it can be
    written to.

    PR: 276150

 www/caddy-custom/Makefile       | 2 +-
 www/caddy-custom/files/caddy.in | 4 ++--
 www/caddy/Makefile              | 2 +-
 www/caddy/files/caddy.in        | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)
Committed. Thanks, Mike! Again, this was a great catch.
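
A preflight check for the condition reported in this bug (a log file left owned by root while the daemon runs as another account), as an added example that is not part of the thread or of the port's rc script. The function names `resolve_uid`, `file_uid` and `log_owner_ok` are hypothetical; the example assumes only POSIX `id`, `ls -n` and `awk`.

```sh
#!/bin/sh
# Added example: verify that a daemon's log file is owned by the account the
# daemon runs as. All function names here are hypothetical.

# Resolve a user name or a numeric uid to a numeric uid.
resolve_uid() {
    case "$1" in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;   # name: look it up
        *)           printf '%s\n' "$1" ;;       # already numeric
    esac
}

# Print the numeric owner uid of a file. "ls -n" is POSIX, which avoids the
# differing stat(1) flags on FreeBSD and Linux.
file_uid() {
    ls -ldn "$1" 2>/dev/null | awk '{print $3}'
}

# log_owner_ok LOGFILE USER
#   0  LOGFILE exists and is owned by USER
#   1  LOGFILE is owned by someone else (the root:wheel case from the report)
#   2  LOGFILE is missing or USER cannot be resolved
log_owner_ok() {
    logfile=$1
    want=$(resolve_uid "$2") || return 2
    [ -n "$want" ] || return 2
    [ -f "$logfile" ] || return 2
    have=$(file_uid "$logfile")
    [ "$have" = "$want" ]
}

# Example call, using the default path quoted in comment #0 and a
# placeholder account name:
#   log_owner_ok /var/log/caddy/caddy.log SERVICE_USER || echo "fix ownership"
```
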