Jason, Apaches log file ownership and permissions are set when they rotate in /etc/cron.daily/apache (about line 90 or so). As pointed out there are security issues to worry about so be careful.
Pete -- http://www.elbnet.com ELB Internet Services, Inc. Web Design, Computer Consulting, Internet Hosting Jason Lim wrote: > > Anyone figured out my apache problem (log file permissions)? > > I still haven't figured this one out yet. > > TIA, > > Jas > > ----- Original Message ----- > From: "Jason Lim" <[EMAIL PROTECTED]> > To: <debian-isp@lists.debian.org> > Sent: Saturday, December 08, 2001 1:52 AM > Subject: Re: Strange apache behaviour? > > > Thats not very good security-wise to run webalizer as www-data, because > if > > a user ever finds a way to poison the log files, then webalizer will run > > them as www-data, and possibly be able to fool around with apache too > > (because they now run as the same user). > > > > A far better way (and much more direct) would be to have a way to change > > apache's log files BACK to the previous permissions. > > > > I think if no one knows the answer i'll have to ask netgod himself... (i > > think he is still the package maintainer?) > > > > Sincerely, > > Jason > > > > ----- Original Message ----- > > From: "Denis A. Kulgeyko" <[EMAIL PROTECTED]> > > To: "Jason Lim" <[EMAIL PROTECTED]> > > Sent: Friday, December 07, 2001 9:10 PM > > Subject: Re: Strange apache behaviour? > > > > > > > Hello ! > > > > > > > Do you know how to change the permissions of the log files apache > > > > generates? > > > > > > > > -rw-r----- 1 www-data www-data 1372461 Dec 7 13:04 > > apache-access.log > > > > -rw-r----- 1 www-data www-data 740269 Dec 2 06:21 > > > > apache-access.log.0 > > > > -rw-r----- 1 www-data www-data 44414 Nov 25 05:52 > > > > apache-access.log.1.gz > > > > -rw-rw-r-- 1 www-data www-data 167114 Sep 23 06:10 > > > > apache-access.log.10.gz > > > > -rw-rw-r-- 1 www-data www-data 13069 Sep 16 06:06 > > > > apache-access.log.11.gz > > > > -rw-rw-r-- 1 www-data www-data 14357 Sep 9 06:04 > > > > apache-access.log.12.gz > > > > -rw-rw-r-- 1 www-data www-data 21209 Sep 2 06:24 > > > > apache-access.log.13.gz > > > > -rw-rw-r-- 1 www-data www-data 5979 Nov 19 2000 > > > > apache-access.log.14.gz > > > > -rw-rw-r-- 1 www-data www-data 36771 Nov 18 06:23 > > > > apache-access.log.2.gz > > > > > > > > It USED to be readable by all, now the persmissions have changed > > (which in > > > > my case screws up the webalizer processes run by users). > > > > > > > > Having a look at the changelog... > > > > > > > > apache (1.3.22-1) unstable; urgency=low > > > > * Default ownership of logfiles is root/adm, perms 640 (closes: > > > > #112675). > > > > > > > > Thats all nice a good... but how to I get it 644? I looked and can't > > > > appear to find it. Closest thing I could find was in > > > > /etc/apache/cron.conf, but that only sets the uid/gid, not the file > > > > permissions of the logfiles. > > > > > > > > Any ideas? > > > > > > Run webalizer with permissions of group www-data and set appropriate > > umask to > > > user www-data (may be to loogrotate daemon too). > > > > > > -- > > > With Best Regards, > > > Denis A. Kulgeyko > > > DK666-UANIC > > > e-mail: [EMAIL PROTECTED] > > > ICQ: 81607525 > > > SMS: [EMAIL PROTECTED] > > > -================================- > > > UNIXes ... they are VERY friendly. > > > But .. they chooses their friends VERY carefully ... :) > > > ^]:wq! > > > > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
