Change Details

On mw1299.eqiad.wmnet at least, as a member of the `wikidev` group I am unable to access `/var/log/mediawiki/jobrunner.log` which is only available to `root:adm`: ``` $ ls -l /var/log/mediawiki/jobrunner.log -rw-r----- 1 root adm 32241612 Sep 19 15:27 /var/log/mediawiki/jobrunner.log ``` The jobrunner service runs as `www-data` and `/var/log/mediawiki` is `drwxr-xr-x 2 www-data wikidev`.

On mw1299.eqiad.wmnet at least, as a member of the `wikidev` group I am unable to access `/var/log/mediawiki/jobrunner.log` which is only available to `root:adm`: ``` $ ls -l /var/log/mediawiki/jobrunner.log -rw-r----- 1 root adm 32241612 Sep 19 15:27 /var/log/mediawiki/jobrunner.log ``` The jobrunner service runs as `www-data` and `/var/log/mediawiki` is `drwxr-xr-x 2 www-data wikidev`. Puppet has: ``` lang=ruby,name=modules/mediawiki/manifests/init.pp # /var/log/mediawiki contains log files for the MediaWiki jobrunner # and for various periodic jobs that are managed by cron. file { '/var/log/mediawiki': ensure => directory, owner => $::mediawiki::users::web, group => 'wikidev', mode => '0644', } ``` The hosts have been switched from Trusty with upstart to Jessie with I assume systemd. In upstart we used to have the upstart service to pass to start-stop-daemon `--chuid` which came from `$::mediawiki::users::web`. The systemd template uses the same puppet variable and on mw1299.eqiad.wmnet: ``` lang=ini,name=/lib/systemd/system/jobrunner.service [Unit] Description="Mediawiki job queue runner loop" After=hhvm.service [Service] EnvironmentFile=/etc/default/jobrunner User=www-data Group=www-data SyslogIdentifier=jobrunner ExecStart=/usr/bin/php /srv/deployment/jobrunner/jobrunner/redisJobRunnerService --config-file=${JOBRUNNER_CONFIG} ${DAEMON_OPTS} Restart=always [Install] WantedBy=multi-user.target ``` systemd does spawn the service as `www-data`.

On mw1299.eqiad.wmnet at least, as a member of the `wikidev` group I am unable to access `/var/log/mediawiki/jobrunner.log` which is only available to `root:adm`: ``` $ ls -l /var/log/mediawiki/jobrunner.log -rw-r----- 1 root adm 32241612 Sep 19 15:27 /var/log/mediawiki/jobrunner.log ``` The jobrunner service runs as `www-data` and `/var/log/mediawiki` is `drwxr-xr-x 2 www-data wikidev`. Puppet has: ``` lang=ruby,name=modules/mediawiki/manifests/init.pp # /var/log/mediawiki contains log files for the MediaWiki jobrunner # and for various periodic jobs that are managed by cron. file { '/var/log/mediawiki': ensure => directory, owner => $::mediawiki::users::web, group => 'wikidev', mode => '0644', } ``` The hosts have been switched from Trusty with upstart to Jessie with I assume systemd. In upstart we used to have the upstart service to pass to start-stop-daemon `--chuid` which came from `$::mediawiki::users::web`. The systemd template uses the same puppet variable and on mw1299.eqiad.wmnet: ``` lang=ini,name=/lib/systemd/system/jobrunner.service [Unit] Description="Mediawiki job queue runner loop" After=hhvm.service [Service] EnvironmentFile=/etc/default/jobrunner User=www-data Group=www-data SyslogIdentifier=jobrunner ExecStart=/usr/bin/php /srv/deployment/jobrunner/jobrunner/redisJobRunnerService --config-file=${JOBRUNNER_CONFIG} ${DAEMON_OPTS} Restart=always [Install] WantedBy=multi-user.target ``` systemd does spawn the service as `www-data`.