Django log rotating and log file ownership

Question

I have a django 1.4.2 application logging going to a rotating files. In my settings.py I have:

LOGGING = {
'version': 1,
'disable_existing_loggers': True,
'formatters': {
    'standard': {
        'format': '%(asctime)s [%(levelname)s] %(name)s: %(message)s'
    },
},
'handlers': {
    'default': {
        'level':'DEBUG',
        'class':'logging.handlers.RotatingFileHandler',
        'filename': '/var/www/html/logs/mylog.log',
        'maxBytes': 1024*1024*5, # 5 MB
        'backupCount': 5,
        'formatter':'standard',
    },
    'request_handler': {
            'level':'DEBUG',
            'class':'logging.handlers.RotatingFileHandler',
            'filename': '/var/www/html/logs/django_request.log',
            'maxBytes': 1024*1024*5, # 5 MB
            'backupCount': 5,
            'formatter':'standard',
    },
},
'loggers': {
    '': {
        'handlers': ['default'],
        'level': 'ERROR',
        'propagate': True
    },
    'django.request': { # Stop SQL debug from logging to main logger
        'handlers': ['request_handler'],
        'level': 'DEBUG',
        'propagate': False
    },
}

}

So in the logging directory I see the files:

mc.log
mc.log.1
mc.log.2
mc.log.3
mc.log.4
mc.log.5

When mc.log reach 5M the files are correctly rotated but the new mc.log is created with ownership root.root. Since apache is running under apache user, it cannot access anymore to the files and the application stops working. Any idea why the new log is created with root.root ownership instead of apache.apache?

Thanks

Answer 1

New files can be created if the user/group of the parent directory allows it. I believe you either need to change the owner of the directory, or add a group to the directory which includes apache users, or use some advanced technique such as ACL.

To test it out, try the following: Login as root. Switch to apache user. Try to create a file manually. Switch back to root, change the permissions/ownership of the folder, switch to apache user, try again. This should give you some more info about whether the script will fail while trying to create the file.

Finally, it is a bit counterintuitive, make sure that apache user somehow has the execute permission in that directory, otherwise it won't allow you to cd into that.

Also, I think you will need to set the "s" bit of the directory (chmod g+s or chmod 2755 etc), so that newly added files inherit the permissions of the directory. Then, you need to make sure that the group's s bit is set, and the group owns the directory. (or you can set the group of the directory to www-data).