[CentOS] el7 systemd service:: ensure var/log owner when User is specified

Wed Feb 10 11:34:59 UTC 2021
Anthony K <akcentos at anroet.com>

On 10/2/21 4:21 am, Adrian Sevcenco wrote:
> Hi! Does anyone have an idea how can i (in a nice way [1]) to ensure 
> ownership/permissions of log directory in /var/log for a unit
> that drops privileges to a user (with User=/Group=)
>
> [1] The ugly way being with script in StartPre and sudo in Start
> so i want to use User=
> I'm aware of LogsDirectory= but is not available on EL7
>
> Thanks a lot!
> Adrian
>
If you know the username/group/directory beforehand, then you could use 
setfacl on the directory and permissions should trickle down to new 
directories/files. Not sure though what implications this has for SELinux.

https://www.redhat.com/sysadmin/linux-access-control-lists