Re: Strange apache behaviour?

To: <debian-isp@lists.debian.org>
Subject: Re: Strange apache behaviour?
From: "Jason Lim" <maillist@jasonlim.com>
Date: Sat, 8 Dec 2001 01:52:11 +1100
Message-id: <[🔎] 0d2801c17f2e$c113ad80$0400a8c0@zentek.net>
Reply-to: "Jason Lim" <maillist@jasonlim.com>
References: <[🔎] 0c7401c17ec4$035cfcc0$0400a8c0@zentek.net> <200112071010.fB7AAVZ10877@ufs.kiev.ua.>

Thats not very good security-wise to run webalizer as www-data, because if
a user ever finds a way to poison the log files, then webalizer will run
them as www-data, and possibly be able to fool around with apache too
(because they now run as the same user).

A far better way (and much more direct) would be to have a way to change
apache's log files BACK to the previous permissions.

I think if no one knows the answer i'll have to ask netgod himself... (i
think he is still the package maintainer?)

Sincerely,
Jason

----- Original Message -----
From: "Denis A. Kulgeyko" <burzum@bliss.com.ua>
To: "Jason Lim" <maillist@jasonlim.com>
Sent: Friday, December 07, 2001 9:10 PM
Subject: Re: Strange apache behaviour?


>      Hello !
>
> > Do you know how to change the permissions of the log files apache
> > generates?
> >
> > -rw-r-----    1 www-data www-data  1372461 Dec  7 13:04
apache-access.log
> > -rw-r-----    1 www-data www-data   740269 Dec  2 06:21
> > apache-access.log.0
> > -rw-r-----    1 www-data www-data    44414 Nov 25 05:52
> > apache-access.log.1.gz
> > -rw-rw-r--    1 www-data www-data   167114 Sep 23 06:10
> > apache-access.log.10.gz
> > -rw-rw-r--    1 www-data www-data    13069 Sep 16 06:06
> > apache-access.log.11.gz
> > -rw-rw-r--    1 www-data www-data    14357 Sep  9 06:04
> > apache-access.log.12.gz
> > -rw-rw-r--    1 www-data www-data    21209 Sep  2 06:24
> > apache-access.log.13.gz
> > -rw-rw-r--    1 www-data www-data     5979 Nov 19  2000
> > apache-access.log.14.gz
> > -rw-rw-r--    1 www-data www-data    36771 Nov 18 06:23
> > apache-access.log.2.gz
> >
> > It USED to be readable by all, now the persmissions have changed
(which in
> > my case screws up the webalizer processes run by users).
> >
> > Having a look at the changelog...
> >
> > apache (1.3.22-1) unstable; urgency=low
> >   * Default ownership of logfiles is root/adm, perms 640 (closes:
> >     #112675).
> >
> > Thats all nice a good... but how to I get it 644? I looked and can't
> > appear to find it. Closest thing I could find was in
> > /etc/apache/cron.conf, but that only sets the uid/gid, not the file
> > permissions of the logfiles.
> >
> > Any ideas?
>
> Run webalizer with permissions of group www-data and set appropriate
umask to
> user www-data (may be to loogrotate daemon too).
>
> --
> With Best Regards,
> Denis A. Kulgeyko
> DK666-UANIC
> e-mail: burzum@bliss.com.ua
> ICQ: 81607525
> SMS: mburzum@bliss.com.ua
> -================================-
> UNIXes ... they are VERY friendly.
> But .. they chooses their friends VERY carefully ... :)
> ^]:wq!
>

Reply to:

Follow-Ups:
- Re: Strange apache behaviour?
  - From: "Jason Lim" <maillist@jasonlim.com>

References:
- Strange apache behaviour?
  - From: "Jason Lim" <maillist@jasonlim.com>

Prev by Date: Re: Strange apache behaviour?
Next by Date: Re: Pop or Imap?
Previous by thread: Re: Strange apache behaviour?
Next by thread: Re: Strange apache behaviour?
Index(es):
- Date
- Thread