From c3188e5a457d028a11c96a6bc6d976c0de09fe1c Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 11 Sep 2025 23:09:55 +0000
Subject: [PATCH 1/4] Initial plan


From 766c4962a0e00e2fa845a7828a45d5d98154a49b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 11 Sep 2025 23:14:36 +0000
Subject: [PATCH 2/4] Add fine-grained log directory permissions for
 nginx_config resource

Co-authored-by: damacus <40786+damacus@users.noreply.github.com>
---
 documentation/nginx_config.md      |  3 +++
 resources/config.rb                | 18 +++++++++++++++---
 spec/unit/resources/config_spec.rb | 17 ++++++++++++++++-
 3 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/documentation/nginx_config.md b/documentation/nginx_config.md
index df42f61b..447421f1 100644
--- a/documentation/nginx_config.md
+++ b/documentation/nginx_config.md
@@ -21,6 +21,9 @@
 | `group`                | String        | `root`                           | Nginx run-as/file/folder group.                                     |
 | `mode`                 | String        | `0640`                           | Nginx configuration file mode.                                      |
 | `folder_mode`          | String        | `0750`                           | Nginx configuration folder mode.                                    |
+| `log_dir_mode`         | String        | `0755`                           | Nginx log directory mode.                                           |
+| `log_dir_owner`        | String        | `root`                           | Nginx log directory owner.                                          |
+| `log_dir_group`        | String        | `root`                           | Nginx log directory group.                                          |
 | `process_user`         | String        | `www-data` (Debian) or `nginx`   | Nginx run-as user.                                                  |
 | `process_group`        | String        | `www-data` (Debian) or `nginx`   | Nginx run-as group.                                                 |
 | `worker_processes`     | Integer, String | `auto`                         | The number of worker processes.                                     |
diff --git a/resources/config.rb b/resources/config.rb
index 90a0bdb2..431dc494 100644
--- a/resources/config.rb
+++ b/resources/config.rb
@@ -64,6 +64,18 @@
           description: 'Folder mode',
           default: '0750'
 
+property :log_dir_mode, String,
+          description: 'Log directory mode',
+          default: '0755'
+
+property :log_dir_owner, String,
+          description: 'Log directory owner',
+          default: lazy { owner }
+
+property :log_dir_group, String,
+          description: 'Log directory group',
+          default: lazy { group }
+
 property :process_user, String,
           description: 'Nginx process user',
           default: lazy { nginx_user }
@@ -146,9 +158,9 @@ def default_site_enabled?
   end
 
   directory nginx_log_dir do
-    owner new_resource.owner
-    group new_resource.group
-    mode new_resource.folder_mode
+    owner new_resource.log_dir_owner
+    group new_resource.log_dir_group
+    mode new_resource.log_dir_mode
   end
 
   %w(default.conf example_ssl.conf).each do |config|
diff --git a/spec/unit/resources/config_spec.rb b/spec/unit/resources/config_spec.rb
index d210ce76..e59c5566 100644
--- a/spec/unit/resources/config_spec.rb
+++ b/spec/unit/resources/config_spec.rb
@@ -47,7 +47,22 @@
         )
     end
 
-    it { is_expected.to create_directory('/var/log/nginx').with_mode('0750').with_owner('root') }
+    it { is_expected.to create_directory('/var/log/nginx').with_mode('0755').with_owner('root') }
+    it { is_expected.to create_directory('/etc/nginx/conf.d').with_mode('0750') }
+    it { is_expected.to create_directory('/etc/nginx/conf.http.d').with_mode('0750') }
+  end
+
+  context 'with custom log directory properties' do
+    recipe do
+      nginx_install 'distro'
+      nginx_config 'default' do
+        log_dir_mode '0750'
+        log_dir_owner 'nginx'
+        log_dir_group 'nginx'
+      end
+    end
+
+    it { is_expected.to create_directory('/var/log/nginx').with_mode('0750').with_owner('nginx').with_group('nginx') }
     it { is_expected.to create_directory('/etc/nginx/conf.d').with_mode('0750') }
     it { is_expected.to create_directory('/etc/nginx/conf.http.d').with_mode('0750') }
   end

From cf91c24a3e04ea1f0bfa8165415343ca0fd0e2b0 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 11 Sep 2025 23:16:02 +0000
Subject: [PATCH 3/4] Add usage examples for new log directory properties

Co-authored-by: damacus <40786+damacus@users.noreply.github.com>
---
 documentation/nginx_config.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/documentation/nginx_config.md b/documentation/nginx_config.md
index 447421f1..8978a290 100644
--- a/documentation/nginx_config.md
+++ b/documentation/nginx_config.md
@@ -46,3 +46,15 @@ nginx_config 'nginx' do
   notifies :reload, 'nginx_service[nginx]', :delayed
 end
 ```
+
+### Using custom log directory permissions
+
+```ruby
+nginx_config 'nginx' do
+  log_dir_mode '0750'
+  log_dir_owner 'nginx'
+  log_dir_group 'nginx'
+  action :create
+  notifies :reload, 'nginx_service[nginx]', :delayed
+end
+```

From 82ba2d810b91f6a81a166c1fc458114d459fd5a8 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 14 Sep 2025 17:37:16 +0000
Subject: [PATCH 4/4] Make log_dir_mode platform-specific (0750 default, 0755
 for Debian-like)

Co-authored-by: bmhughes <23269128+bmhughes@users.noreply.github.com>
---
 resources/config.rb                |  2 +-
 spec/unit/resources/config_spec.rb | 15 ++++++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/resources/config.rb b/resources/config.rb
index 431dc494..3fe73ea7 100644
--- a/resources/config.rb
+++ b/resources/config.rb
@@ -66,7 +66,7 @@
 
 property :log_dir_mode, String,
           description: 'Log directory mode',
-          default: '0755'
+          default: lazy { platform_family?('debian') ? '0755' : '0750' }
 
 property :log_dir_owner, String,
           description: 'Log directory owner',
diff --git a/spec/unit/resources/config_spec.rb b/spec/unit/resources/config_spec.rb
index e59c5566..cab5af76 100644
--- a/spec/unit/resources/config_spec.rb
+++ b/spec/unit/resources/config_spec.rb
@@ -47,7 +47,7 @@
         )
     end
 
-    it { is_expected.to create_directory('/var/log/nginx').with_mode('0755').with_owner('root') }
+    it { is_expected.to create_directory('/var/log/nginx').with_mode('0750').with_owner('root') }
     it { is_expected.to create_directory('/etc/nginx/conf.d').with_mode('0750') }
     it { is_expected.to create_directory('/etc/nginx/conf.http.d').with_mode('0750') }
   end
@@ -66,4 +66,17 @@
     it { is_expected.to create_directory('/etc/nginx/conf.d').with_mode('0750') }
     it { is_expected.to create_directory('/etc/nginx/conf.http.d').with_mode('0750') }
   end
+
+  context 'on debian platform' do
+    platform 'ubuntu'
+
+    recipe do
+      nginx_install 'distro'
+      nginx_config 'default'
+    end
+
+    it { is_expected.to create_directory('/var/log/nginx').with_mode('0755').with_owner('root') }
+    it { is_expected.to create_directory('/etc/nginx/conf.d').with_mode('0750') }
+    it { is_expected.to create_directory('/etc/nginx/conf.http.d').with_mode('0750') }
+  end
 end