Does anyone know what're these files under /var/log/gitlab/ use for?

Hello
Does any one know what are these files?
I got concern form security due to they have execute bit.

-rwxr----- /var/log/gitlab/redis/@400000006035cce809047e9c.s
-rwxr----- /var/log/gitlab/…/@XXXXXXXXXXXXXX.s

These are archived logs from the runit system: Omnibus GitLab Logs | GitLab

runit logs

The runit-managed services in Omnibus GitLab generate log data using svlogd .

  • Logs are written to a file called current .
  • Periodically, this log is compressed and renamed using the TAI64N format, for example: @400000005f8eaf6f1a80ef5c.s .
  • The filesystem datestamp on the compressed logs will be consistent with the time GitLab last wrote to that file.
  • zmore and zgrep allow viewing and searching through both compressed or uncompressed logs.

Read the svlogd documentation for more information about the files it generates.

Thank you, but one more question
Why those files need execute permission?
Is it need for zmore zgrep to use for viewing or searching?

@basbad you can answer the question easy by trying yourself the commands zmore and zcat:

root@repo:/var/log/gitlab/redis# zmore @40000000602e0a9321b67094.s
2021-02-17_06:37:57.03939 17466:M 17 Feb 2021 07:37:57.039 * 10 changes in 300 seconds. Saving...
2021-02-17_06:37:57.04014 17466:M 17 Feb 2021 07:37:57.040 * Background saving started by pid 27403
2021-02-17_06:37:57.06341 27403:C 17 Feb 2021 07:37:57.063 * DB saved on disk
2021-02-17_06:37:57.06428 27403:C 17 Feb 2021 07:37:57.064 * RDB: 1 MB of memory used by copy-on-write
2021-02-17_06:37:57.14282 17466:M 17 Feb 2021 07:37:57.142 * Background saving terminated with success
2021-02-17_06:42:58.09207 17466:M 17 Feb 2021 07:42:58.091 * 10 changes in 300 seconds. Saving...
2021-02-17_06:42:58.09293 17466:M 17 Feb 2021 07:42:58.092 * Background saving started by pid 30740
2021-02-17_06:42:58.11502 30740:C 17 Feb 2021 07:42:58.114 * DB saved on disk

or with zcat and grep:

root@repo:/var/log/gitlab/redis# zcat @40000000602e0a9321b67094.s | grep -i background
2021-02-17_06:37:57.04014 17466:M 17 Feb 2021 07:37:57.040 * Background saving started by pid 27403
2021-02-17_06:37:57.14282 17466:M 17 Feb 2021 07:37:57.142 * Background saving terminated with success
2021-02-17_06:42:58.09293 17466:M 17 Feb 2021 07:42:58.092 * Background saving started by pid 30740
2021-02-17_06:42:58.19401 17466:M 17 Feb 2021 07:42:58.193 * Background saving terminated with success
2021-02-17_06:47:59.03475 17466:M 17 Feb 2021 07:47:59.034 * Background saving started by pid 1601
2021-02-17_06:47:59.13578 17466:M 17 Feb 2021 07:47:59.135 * Background saving terminated with success
2021-02-17_06:53:00.05007 17466:M 17 Feb 2021 07:53:00.050 * Background saving started by pid 4805

since they are text files you are worrying about nothing - technically they shouldn’t have the execute bit but that would need Gitlab to fix that when these files are being generated by svlogd - since /etc/gitlab.rb does have svlog configuration options, unfortunately it doesn’t have an option to force what permissions should be assigned. Also, since the permissions are 700, only root as a user has access to these files anyway.

1 Like

Many Thanks

According to this link: svlogd(8) manual page

svlogd closes current , changes permission of current to 0755,

defaults to 0755 normally, which means gitlab’s permissions of 700 is even better.