Add CLI flag to opt in to world-readable log files (#3747)

## Issue Addressed

#3732

## Proposed Changes

Add a CLI flag to allow users to opt out of the restrictive permissions of the log files.

## Additional Info

This is not recommended for most users. The log files can contain sensitive information such as validator indices, public keys and API tokens (see #2438). However some users using a multi-user setup may find this helpful if they understand the risks involved.
This commit is contained in:
Mac L
2022-11-25 07:57:11 +00:00
parent e9bf7f7cc1
commit 969ff240cd
7 changed files with 36 additions and 1 deletions

View File

@@ -129,6 +129,15 @@ fn main() {
to store old logs.")
.global(true),
)
.arg(
Arg::with_name("logfile-no-restricted-perms")
.long("logfile-no-restricted-perms")
.help(
"If present, log files will be generated as world-readable meaning they can be read by \
any user on the machine. Note that logs can often contain sensitive information \
about your validator and so this flag should be used with caution.")
.global(true),
)
.arg(
Arg::with_name("log-format")
.long("log-format")
@@ -407,6 +416,8 @@ fn run<E: EthSpec>(
let logfile_compress = matches.is_present("logfile-compress");
let logfile_restricted = !matches.is_present("logfile-no-restricted-perms");
// Construct the path to the log file.
let mut log_path: Option<PathBuf> = clap_utils::parse_optional(matches, "logfile")?;
if log_path.is_none() {
@@ -446,6 +457,7 @@ fn run<E: EthSpec>(
max_log_size: logfile_max_size * 1_024 * 1_024,
max_log_number: logfile_max_number,
compression: logfile_compress,
is_restricted: logfile_restricted,
};
let builder = environment_builder.initialize_logger(logger_config.clone())?;