Logging file's privileges always auto changed to 640?


#1

Steps to reproduce

1.nano /var/www/html/config/config.php
‘log_type’ => ‘owncloud’,
‘logfile’ => ‘/var/log/owncloud.log’,
‘loglevel’ => 2,
‘log_rotate_size’ => 104857600,

2.[root@cos-01 config]# chmod 644 /var/log/owncloud.log
[root@cos-01 config]# ls -alh /var/log/owncloud.log
-rw-r–r-- 1 apache apache 92K Aug 10 08:42 /var/log/owncloud.log

3.login as admin
tail -f /var/log/owncloud.log
{“reqId”:“W2zr5vwKo1FSBB0xD@XxQAAAAAk”,“level”:3,“time”:“2018-08-10T09:35:35+08:00”,“remoteAddr”:"******",“user”:"–",“app”:“no app in context”,“method”:“POST”,“url”:"/index.php/login",“message”:“User backend OC\User\Database is returning home: /home/ocdata//admin for user: admin which differs from existing value: /var/www/html/data/admin”}

[root@cos-01 conf.d]# ls -alh /var/log/owncloud.log
-rw-r----- 1 apache apache 92K Aug 10 09:35 /var/log/owncloud.log

the privilege of the log file auto restore to 640,and the same if put the log file under ocdata folder

Expected behaviour

for this situation , my zabbix can’t access the log file of owncloud because the user zabbix has no permission to the log file, even adding group apache to user zabbix , the zabbix program shows no persmission to the file

Actual behaviour

Tell us what happens instead

Server configuration

Operating system:CentOS Linux release 7.5.1804 (Core)

Web server: Apache

**Database:**MariaDB

PHP version: php 7

ownCloud version: (see ownCloud admin page) ownCloud 10.0.9

Updated from an older ownCloud or fresh install: updated from an older owncloud

Where did you install ownCloud from: owncloud.com

Signing status (ownCloud 9.0 and above): sorry for my poor english,what does this mean?

Login as admin user into your ownCloud and access 
http://example.com/index.php/settings/integrity/failed 
paste the results into https://gist.github.com/ and puth the link here.

The content of config/config.php:

Log in to the web-UI with an administrator account and click on
'admin' -> 'Generate Config Report' -> 'Download ownCloud config report'
This report includes the config.php settings, the list of activated apps
and other details in a well sanitized form.

or 

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your ownCloud installation folder

*ATTENTION:* Do not post your config.php file in public as is. Please use one of the above
methods whenever possible. Both, the generated reports from the web-ui and from occ config:list
consistently remove sensitive data. You still may want to review the report before sending.
If done manually then it is critical for your own privacy to dilligently
remove *all* host names, passwords, usernames, salts and other credentials before posting.
You should assume that attackers find such information and will use them against your systems.

List of activated apps:

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your ownCloud installation folder.

Are you using external storage, if yes which one: local/smb/sftp/…

Are you using encryption: yes/no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/…

LDAP configuration (delete this part if not used)

With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your ownCloud installation folder

Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';


Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.

Client configuration

Browser:

Operating system:

Logs

Web server error log

Insert your webserver log here

ownCloud log (data/owncloud.log)

Insert your ownCloud log here

Browser log

Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log 
c) ...

#2

Hey,

i think it could make sense if you explain your current issue, the current behavior and the expected behavior in some more details rather then only within the topic title.


#3

Hmm, asking for help, but pasting a completely empty issue template… you’re welcome!:-1: