in_unix plugin does not work without supervisor (permission denied with var/run/td-agent/td-agent.sock) #2984

@qingling128

Check CONTRIBUTING guideline first and here is the list to help us investigate the problem.

Describe the bug
When we run Fluentd without the supervisor mode (in order to save some memory), the in_unix plugin no longer works because chumask is not set without the supervisor mode and there is a permission denied error with var/run/td-agent/td-agent.sock.

$ ls -l /var/run/google-fluentd/google-fluentd.sock
srwxr-xr-x 1 root root 0 Jan 14 04:28 /var/run/google-fluentd/google-fluentd.sock

To Reproduce

  1. Add this configuration
<source>
  @type unix
  path /var/run/google-fluentd/google-fluentd.sock
</source>
  2. Start Fluentd without supervisor
  3. The generated /var/run/google-fluentd/google-fluentd.sock file cannot be written:
$ ls -l /var/run/google-fluentd/google-fluentd.sock
srwxr-xr-x 1 root root 0 Jan 14 04:28 /var/run/google-fluentd/google-fluentd.sock

Expected behavior
The permission should be srwxrwxrwx.

Your Environment

  • Fluentd or td-agent version:
$ gem list | grep  fluentd
fluentd (1.7.4)
  • Operating system:
$ cat /etc/os-release
NAME="Ubuntu"
VERSION="16.04.4 LTS (Xenial Xerus)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 16.04.4 LTS"
VERSION_ID="16.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
VERSION_CODENAME=xenial
UBUNTU_CODENAME=xenial

Additional context

It seems that for standalone worker mode, we are setting chuser and chgroup, but not chumask.

ServerEngine::Privilege.change(@chuser, @chgroup) if @standalone_worker
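
The effect described in this report, as an added example that is not part of the original issue or of Fluentd's code: on Linux a UNIX socket file is created with mode 0777 masked by the process umask, so an inherited umask of 022 yields the `srwxr-xr-x` shown above and a umask of 0 yields `srwxrwxrwx`. The socket path, the helper names and the `chmod_to` parameter are assumptions made for the demonstration; the third case sets an explicit mode after bind as an alternative to depending on the umask.

```ruby
require 'socket'
require 'tmpdir'

# Render permission bits the way `ls -l` shows a socket, e.g. "srwxr-xr-x".
def ls_style(mode)
  's' + 8.downto(0).map { |bit| mode[bit] == 1 ? 'rwx'[(8 - bit) % 3] : '-' }.join
end

# Bind a UNIX socket while the process umask is `mask` and return the
# permission bits of the socket file. `chmod_to` (hypothetical parameter)
# sets an explicit mode after bind instead of relying on the umask.
def socket_mode_under_umask(mask, chmod_to: nil)
  Dir.mktmpdir('umask-demo') do |dir|
    path = File.join(dir, 'demo.sock') # constructed path, removed with the tmpdir
    previous = File.umask(mask)
    begin
      server = UNIXServer.new(path) # on Linux, bind() creates the file as 0777 & ~umask
      File.chmod(chmod_to, path) if chmod_to
      File.stat(path).mode & 0o777
    ensure
      server&.close
      File.umask(previous) # restore the caller's umask
    end
  end
end

# On Linux, connecting to a UNIX socket requires write permission on its file.
def others_can_connect?(mode)
  (mode & 0o002) != 0
end

if __FILE__ == $PROGRAM_NAME
  [[0o022, nil], [0o000, nil], [0o022, 0o660]].each do |mask, explicit|
    mode = socket_mode_under_umask(mask, chmod_to: explicit)
    puts format('umask %04o chmod %-5s -> %s others_can_connect=%s',
                mask, explicit ? explicit.to_s(8) : 'none',
                ls_style(mode), others_can_connect?(mode))
  end
end
```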
