Re: The permissions of the apache2 log dir
On Sat, 02 Jun 2012 21:17:35 +0200, Titanus Eramius wrote:
> Last week I ran into the very restrictive folder permissions of the
> apache2 log dir. They were "drwxr-x--- root adm" but I changed them to
> "rwxr-xr-x root adm" so an unprivileged user may update webalizer at
Uff... don't do that.
It's recommended to run webalizer from a cron job (or manually, but it
has to be root who runs the task) but changing the Apache log directory
permissions can lead to a security problem :-/
> That got me thinking (which I generally don't like...), does anyone know
> why the permissions are so strict, and is there a risk in the change
> I've made besides that everybody now may read the logs?
They are strict because they have to be so.
If you need an unprivileged user to run webalizer to manually update the
web stats you'd better find a different way of doing it, for instance, by
adding a secondary directory where to send the user logs with relaxed
permission (only available for that user and password protected) or using/
configuring sudo to allow that user to run the webalizer binary so he can
execute the script without altering the directory perms.
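
The sudo route suggested in this reply, sketched as an added example that is not part of the original message: one function checks whether a log directory still has the strict mode, the other prints a sudoers rule for the webalizer binary. The user name `webstats` and the Debian paths `/usr/bin/webalizer` and `/var/log/apache2` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumptions: user "webstats", Debian paths /usr/bin/webalizer and
# /var/log/apache2. Requires GNU stat (stat -c).

# Return 0 if DIR grants nothing to "other" and is not group-writable
# (for example 750); return 1 if it has been loosened (for example 755).
log_dir_is_strict() {
    mode=$(stat -c '%a' "$1") || return 2
    other=$((mode % 10))          # last octal digit: permissions for others
    group=$(((mode / 10) % 10))   # second-to-last digit: permissions for group
    [ "$other" -eq 0 ] && [ $((group & 2)) -eq 0 ]
}

# Print a sudoers rule that lets USER run only the webalizer binary as root.
# The trailing "" forbids command-line arguments, so the user cannot point
# the root-run process at another config file or output directory.
sudoers_rule() {
    printf '%s ALL=(root) %s ""\n' "$1" "${2:-/usr/bin/webalizer}"
}

# Report only; nothing is changed on the system.
if [ "${1:-}" = "--check" ]; then
    dir=${2:-/var/log/apache2}
    if log_dir_is_strict "$dir"; then
        echo "$dir: permissions are strict"
    else
        echo "$dir: loosened; restore with: chown root:adm $dir && chmod 750 $dir"
    fi
    echo "sudoers rule (install with: visudo -f /etc/sudoers.d/webalizer):"
    sudoers_rule webstats
fi
```

Run it with `--check` to see the report; with the rule installed, the user updates the stats with `sudo /usr/bin/webalizer`, which reads webalizer's default configuration.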