Bug 276150

Summary: www/caddy - caddy_logfile permissions change?
Product: Ports & Packages
Component: Individual Port(s)
Status: Closed FIXED
Severity: Affects Only Me
Priority: ---
Version: Latest
Hardware: Any
OS: Any
Reporter: Mike Fisher <mfisher911>
Assignee: Adam Weinberger <adamw>
CC: yonas.yanfa
Flags: bugzilla: maintainer-feedback? (adamw)
Attachments: Set caddy_log ownership to caddy_user (flags: none)

Description Mike Fisher 2024-01-06 15:23:19 UTC
Created attachment 247486
Set caddy_log ownership to caddy_user

Bug 273181 proposes changing Caddy to be run as a non-root user. The referenced wiki page (https://wiki.freebsd.org/ThomasHurst/Caddy) has a call-out:

> caddy_logfile (default /var/log/caddy/caddy.log) is a redirection of caddy console output, which will be opened by the rc(8) script as root:wheel.

An additional consequence of this is that failure messages can't be written to that file.

Would it be reasonable to change the caddy_logfile permissions so that it's owned by caddy_user?

Thank you for the consideration/attention.

Comment 1 Adam Weinberger freebsd_committer freebsd_triage 2024-01-10 12:00:07 UTC
Great catch! Yes, caddy.log absolutely should be owned by whatever caddy is running as.

Comment 2 Yonas Yanfa 2024-01-20 23:38:07 UTC
(In reply to Mike Fisher from comment #0)

I just ran into this as well. You can change this to "affects many people".

Comment 3 commit-hook freebsd_committer freebsd_triage 2024-01-21 13:09:15 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5c6886afad6f39c5c0a9f8b8ccd16cea8cad8504

commit 5c6886afad6f39c5c0a9f8b8ccd16cea8cad8504
Author:     Mike Fisher <mfisher911@gmail.com>
AuthorDate: 2024-01-21 13:04:55 +0000
Commit:     Adam Weinberger <adamw@FreeBSD.org>
CommitDate: 2024-01-21 13:08:10 +0000

    www/caddy{,-custom}: chown caddy.log to caddy user/group

    We have set caddy.log to root:wheel, which works for the default case
    of running caddy as root.

    When caddy is run as a non-root user, caddy.log can't actually be
    written to. Instead, chown caddy.log to the caddy user/group so that
    it can be written to.

    PR:             276150

 www/caddy-custom/Makefile       | 2 +-
 www/caddy-custom/files/caddy.in | 4 ++--
 www/caddy/Makefile              | 2 +-
 www/caddy/files/caddy.in        | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

Comment 4 Adam Weinberger freebsd_committer freebsd_triage 2024-01-21 13:09:38 UTC
Committed. Thanks, Mike! Again, this was a great catch.
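
Added example, not part of the bug report or the port's rc script: the failure discussed above is the ordinary Unix write-permission check applied to a root:wheel log file, and the sketch below evaluates that check for a given service account and log path (the values one would take from caddy_user and caddy_logfile). The function names, uid/gid 80 and mode 644 are assumptions for illustration; ACLs and MAC policies are not considered.

```sh
#!/bin/sh
# Added example, not the port's rc script. uid/gid 80 and mode 644 are assumed.

# can_write FILE_UID FILE_GID MODE USER_UID "USER_GIDS"
# Unix permission check: the first matching class (owner, group, other) decides.
can_write() {
    f_uid=$1 f_gid=$2 f_mode=$3 u_uid=$4 u_gids=$5
    [ "$u_uid" -eq 0 ] && return 0            # root bypasses mode bits
    if [ "$u_uid" -eq "$f_uid" ]; then
        [ $(( 0$f_mode & 0200 )) -ne 0 ]; return
    fi
    for g in $u_gids; do
        if [ "$g" -eq "$f_gid" ]; then
            [ $(( 0$f_mode & 0020 )) -ne 0 ]; return
        fi
    done
    [ $(( 0$f_mode & 0002 )) -ne 0 ]
}

# audit_logfile LOGFILE USER
# Returns 0 if USER can write LOGFILE, 1 if not, 2 if either cannot be resolved.
audit_logfile() {
    a_log=$1 a_user=$2
    [ -e "$a_log" ] || { echo "missing: $a_log"; return 2; }
    a_uid=$(id -u "$a_user" 2>/dev/null) || { echo "unknown user: $a_user"; return 2; }
    a_gids=$(id -G "$a_user")
    # GNU stat syntax first, then BSD (FreeBSD) syntax.
    a_meta=$(stat -c '%u %g %a' "$a_log" 2>/dev/null) ||
        a_meta=$(stat -f '%u %g %Lp' "$a_log") || return 2
    set -- $a_meta
    if can_write "$1" "$2" "$3" "$a_uid" "$a_gids"; then
        echo "ok: $a_user can write $a_log"
    else
        echo "FAIL: $a_user cannot write $a_log (owner $1:$2, mode $3)"
        return 1
    fi
}

# Constructed case matching the report: log owned by root:wheel (0:0), mode 644,
# service running as an unprivileged account with uid/gid 80.
can_write 0 0 644 80 "80" || echo "before: uid 80 cannot write a root:wheel 0644 log"
can_write 80 80 644 80 "80" && echo "after chown: uid 80 can write its own log"
```

On a live system the check would be run as `audit_logfile "$caddy_logfile" "$caddy_user"` with the values from rc.conf.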