Re: spooky script

[Marc Espie <espie@nerim.net>]

On Mon, Mar 01, 2004 at 11:57:22AM +0100, Mercator Trading wrote:
> the spooky thing is that although the script was made to archive my
> logfiles, my apache webserver decided to log new events in the file i moved
> the log to. httpd.conf has not been edited.
> 
> Does anyone have an explanation for this? is it maybe that mv is not
> simmilar to cp - rm. should i try cp?
> 

This is a classical newbie mistake.  It's probably buried in apache's FAQ
somewhere.

Programs don't write stuff to file
names, they write stuff to file descriptors. Like this:

fd = open("filename", MODES);

while (something) {
	write(fd, data, sizeof(data);
}

And yes, the fd really refers to the underlying file. The `filename' is
just the path you use to access it. So, when you move a file around, you
just change the access name. This doesn't invalidate the file descriptor.

cp/rm wouldn't help.  Apache would still log stuff to the old fd. The fact
that there is no filename you can use to get back to the data is
inconsequential to it. The file would still grow and fill your hard disk
(those invisible log files are the most common reasons for discrepancies
between `unexplainable' du and df usage).

This is a well-known fact of Unix life. You could kill apache and restart
it.  But apache follows long-established Unix conventions. Specifically,
daemons react to the SIGHUP signal by closing their log-files and
re-opening them, thus establishing the filename<->fd correspondence anew.