
Re: World readable log files



On Mon, Sep 25, 2000 at 10:13:47AM -0500, Dave Sherohman wrote:

> I just did the following:
> 
> chgrp adm /var/log/apache/*
> chmod o-r /var/log/apache/*
> /etc/init.d/apache restart
> 
> and my install of apache now appears to be able to log properly without
> requiring the logs to be world-readable.  I'll just have to check tomorrow to
> see whether logrotate preserves these settings automagically or if tomorrow's
> new logs are created with the old permissions.

it won't; apache does not use logrotate. your log permissions are
www-data.www-data mode 664 right now (which is even worse, since now
if someone cracks an apache child process they can tamper with your
logs).

you need to edit /etc/cron.daily/apache to fix this. (there is a file
in /etc/apache to fix it so it does not chown them to www-data, but
that still does not fix the 664/644 permissions.)

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
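
The permission state discussed in this thread (logs owned by www-data.www-data, mode 664, world-readable) can be checked after each rotation with a small audit function. This is an added example, not part of the original message; it assumes GNU stat as shipped on Debian, and the function name `audit_logs` and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes GNU stat (stat -c).
# audit_logs DIR SVC_USER [SVC_GROUP]
#   Prints "<file>: <finding>" for each problem; returns 1 if any were found.
#   Typical call for the setup in this thread:
#     audit_logs /var/log/apache www-data
audit_logs() {
    dir=$1
    svc_user=$2
    svc_group=${3:-$2}          # group defaults to the same name as the user
    found=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c %a "$f")  # octal permission bits, e.g. 664
        owner=$(stat -c %U "$f")
        group=$(stat -c %G "$f")
        other_bits=$((mode % 10))
        group_bits=$((mode / 10 % 10))

        # Any local account can read the logs (the original complaint).
        if [ $((other_bits & 4)) -ne 0 ]; then
            echo "$f: world-readable (mode $mode)"; found=1
        fi
        if [ $((other_bits & 2)) -ne 0 ]; then
            echo "$f: world-writable (mode $mode)"; found=1
        fi
        # The owner can always rewrite or chmod the file, so a log owned by
        # the web server account can be tampered with from a server process.
        if [ "$owner" = "$svc_user" ]; then
            echo "$f: owned by $svc_user"; found=1
        fi
        # Group write gives the same ability through the group.
        if [ "$group" = "$svc_group" ] && [ $((group_bits & 2)) -ne 0 ]; then
            echo "$f: writable by group $svc_group (mode $mode)"; found=1
        fi
    done
    return $found
}
```

Running it from cron after the daily rotation shows whether the new log files came back with the old ownership and mode.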
