Ethan Benson said:
> it won't, apache does not use logrotate, your log permissions are
> www-data.www-data mode 664 right now. (which is even worse since now
> if someone cracks an apache child process they can tamper with your
> logs)
>
> you need to edit /etc/cron.daily/apache to fix this. (there is a file
> in /etc/apache to fix it so it does not chown them to www-data, but
> that still does not fix the 664/644 permissions.

Thanks for pointing me at the right place. It seems to work OK with root.adm ownership, too, the same as (most of) the logs in /var/log.

-- 
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphilis. Good thing we have penicillin." - Matthew Alton
Geek Code 3.1: GCS d- s+: a- C++ UL++$ P+>+++ L+++>++++ E- W--(++) N+ o+ !K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r++ y+
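
A check for the condition discussed in this thread, added here as an example and not part of either message: it lists log files that the web server account owns or that are group- or world-writable. The function name `audit_logs`, its output format and the use of `stat -c` (GNU coreutils or busybox) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: find log files that a compromised
# server process could tamper with.
#
# Usage:  audit_logs <log-dir> <service-user>     e.g. service user www-data
# Prints: <path> <owner>.<group> <mode>: <reasons>   one line per risky file
# Returns 0 when every file is clean, 1 when at least one is flagged.
audit_logs() {
    dir=$1
    svc=$2
    risky=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Assumption: stat supports -c (GNU coreutils / busybox).
        owner=$(stat -c %U "$f")
        group=$(stat -c %G "$f")
        mode=$(stat -c %a "$f")
        bits=$((0$mode))    # leading 0 makes the shell read the mode as octal
        why=""
        # The owner can always rewrite or chmod the file, whatever the mode says.
        if [ "$owner" = "$svc" ]; then why="$why owner-is-$svc"; fi
        # 664 leaves the group write bit set; 644 and 640 do not.
        if [ $((bits & 020)) -ne 0 ]; then why="$why group-writable"; fi
        if [ $((bits & 002)) -ne 0 ]; then why="$why world-writable"; fi
        if [ -n "$why" ]; then
            printf '%s %s.%s %s:%s\n' "$f" "$owner" "$group" "$mode" "$why"
            risky=1
        fi
    done
    return "$risky"
}
```

A file owned by root.adm with mode 640 produces no output; a www-data.www-data file with mode 664 is reported with both the ownership and the group-writable reason.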