Re: Strange apache behaviour?
Thats not very good security-wise to run webalizer as www-data, because if
a user ever finds a way to poison the log files, then webalizer will run
them as www-data, and possibly be able to fool around with apache too
(because they now run as the same user).
A far better way (and much more direct) would be to have a way to change
apache's log files BACK to the previous permissions.
I think if no one knows the answer i'll have to ask netgod himself... (i
think he is still the package maintainer?)
Sincerely,
Jason
----- Original Message -----
From: "Denis A. Kulgeyko" <burzum@bliss.com.ua>
To: "Jason Lim" <maillist@jasonlim.com>
Sent: Friday, December 07, 2001 9:10 PM
Subject: Re: Strange apache behaviour?
> Hello !
>
> > Do you know how to change the permissions of the log files apache
> > generates?
> >
> > -rw-r----- 1 www-data www-data 1372461 Dec 7 13:04
apache-access.log
> > -rw-r----- 1 www-data www-data 740269 Dec 2 06:21
> > apache-access.log.0
> > -rw-r----- 1 www-data www-data 44414 Nov 25 05:52
> > apache-access.log.1.gz
> > -rw-rw-r-- 1 www-data www-data 167114 Sep 23 06:10
> > apache-access.log.10.gz
> > -rw-rw-r-- 1 www-data www-data 13069 Sep 16 06:06
> > apache-access.log.11.gz
> > -rw-rw-r-- 1 www-data www-data 14357 Sep 9 06:04
> > apache-access.log.12.gz
> > -rw-rw-r-- 1 www-data www-data 21209 Sep 2 06:24
> > apache-access.log.13.gz
> > -rw-rw-r-- 1 www-data www-data 5979 Nov 19 2000
> > apache-access.log.14.gz
> > -rw-rw-r-- 1 www-data www-data 36771 Nov 18 06:23
> > apache-access.log.2.gz
> >
> > It USED to be readable by all, now the persmissions have changed
(which in
> > my case screws up the webalizer processes run by users).
> >
> > Having a look at the changelog...
> >
> > apache (1.3.22-1) unstable; urgency=low
> > * Default ownership of logfiles is root/adm, perms 640 (closes:
> > #112675).
> >
> > Thats all nice a good... but how to I get it 644? I looked and can't
> > appear to find it. Closest thing I could find was in
> > /etc/apache/cron.conf, but that only sets the uid/gid, not the file
> > permissions of the logfiles.
> >
> > Any ideas?
>
> Run webalizer with permissions of group www-data and set appropriate
umask to
> user www-data (may be to loogrotate daemon too).
>
> --
> With Best Regards,
> Denis A. Kulgeyko
> DK666-UANIC
> e-mail: burzum@bliss.com.ua
> ICQ: 81607525
> SMS: mburzum@bliss.com.ua
> -================================-
> UNIXes ... they are VERY friendly.
> But .. they chooses their friends VERY carefully ... :)
> ^]:wq!
>
Reply to: