使用错误权限创建的 Laravel 每日日志 [英] Laravel daily log created with wrong permissions

问题描述

我有一个使用 php artisan(使用 root 用户)运行的脚本，有时它会导致在 apache www-data 之前创建每日日志文件用户会 - 这意味着当真实用户使用我的 Web 应用程序时，我会收到文件夹权限错误:

I have a script that I run using php artisan (with root user), and sometimes it causes the daily log file to be created before the apache www-data user does - which means that when a real user uses my web application, I get the folder permission error:

无法打开流:权限被拒绝

Failed to open stream: Permission denied

我每次都将权限改回 www-data，但我想通过始终使用正确权限创建日志文件来解决此问题.

I change the permissions back to www-data everytime but I want to solve this by having the log file always created with the correct permissions.

我考虑过创建一个 cron 作业来创建文件或对其进行处理以确保它每天都具有正确的权限，但我正在寻找一种不依赖于其他脚本的更好的解决方案.

I've considered creating a cron job that creates the file or touches it to make sure it has the right permission everyday, but I'm looking for a better solution that doesn't rely on another script.

我们还考虑将 php artisan 包装在另一个脚本中，以确保它始终使用 www-data 凭据运行，但我们想要做的事情实际上是 root 不应允许 apache 执行的程序.

We've also considered wrapping php artisan in another script to make sure that it is always run with the www-data credentials, but somethings that we want to do are actually root procedures that apache should not be allowed to do.

还有什么建议吗?

推荐答案

重要提示 这个答案与 laravel 5.5+ 不兼容.请查看此答案:使用 laravel5.6 自定义(动态)日志文件名

IMPORTANT This answer is incompatible with laravel 5.5+. Please see this answer: Custom (dynamic) log file names with laravel5.6

让我们从不变的开始.

你有一个 php artisan 命令，由 root 运行.

You have a php artisan command, run by root.

假设这个命令每天执行一次是安全的.

It is safe to assume that this command is executed daily.

解决方案 1:

鉴于创建文件的用户默认是具有写入权限的用户，我们可以按用户将日志分开:

Given that the user that creates the files is the one that has the permission to write to it by default, we can separate the logs by user as such:

App/start/global.php

/*
|--------------------------------------------------------------------------
| Application Error Logger
|--------------------------------------------------------------------------
|
| Here we will configure the error logger setup for the application which
| is built on top of the wonderful Monolog library. By default we will
| build a basic log file setup which creates a single file for logs.
|
*/

Log::useDailyFiles(storage_path().'/logs/laravel-'.posix_getpwuid(posix_geteuid())['name'].'.log');

如果您的 www-data 用户要创建错误日志，则会导致:storage/logs/laravel-www-data-2015-4-27.log.

If your www-data user were to create an error log, it would result in: storage/logs/laravel-www-data-2015-4-27.log.

如果您的 root 用户要创建错误日志，则会导致:storage/logs/laravel-root-2015-4-27.log.

If your root user were to create an error log, it would result in: storage/logs/laravel-root-2015-4-27.log.

解决方案 2:

在 php 脚本中更改 artisan 命令使用的日志.

Change the log used by your artisan command, in your php script.

在您的 run() 函数中，在开头添加这一行:

In your run() function, add this line at the start:

Log::useFiles(storage_path().'/logs/laravel-'.__CLASS__.'-'.Carbon::now()->format('Y-m-d').'.log');

如果您的班级名称是 ArtisanRunner，那么您的日志文件将是:

If your class's name is ArtisanRunner, then your log file will be:

storage/logs/laravel-ArtisanRunner-2015-4-27.log.

结论:解决方案 1 更好，因为它按用户描述了您的日志，因此不会发生错误.

Conclusion: Solution number 1 is better, given that it delineates your logs by user, and hence no errors will occur.

正如 jason 所指出的，get_current_user() 返回脚本的所有者名称.因此，要应用解决方案 1，请将您的工匠类文件 chown 设置为所需的用户名.

As pointed out by jason, get_current_user() returns the script's owner name. Hence, for solution no.1 to apply, chown your artisan class files to the required username.

这篇关于使用错误权限创建的 Laravel 每日日志的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！