httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brad Nicholes" <BNICHO...@novell.com>
Subject RE: [PATCH] Apache 1.3 built in log rotation...
Date Wed, 27 Feb 2002 21:28:54 GMT
Like I mentioned before, on NetWare we can't use a piped log because the
NetWare OS doesn't support pipes.  A cron job is also a problem because
we don't have that either.  Since Apache created the log file, writes to
the log file, formats the output and closes the log file, is it that big
of a leap to have it rotate the log file as well?

Brad

Brad Nicholes
Senior Software Engineer
Novell, Inc., a leading provider of Net business solutions
http://www.novell.com 

>>> rbb@covalent.net Wednesday, February 27, 2002 1:45:27 PM >>>
Do we really want Apache rotating logs?  Apache is a web server it
serves web pages really well.  If you want log rotation, use either a
piped log or a cron job that restarts the server.

Ryan

> Since I am not a Unix developer, can this security problem be
overcome
> somehow or does this mean that I should #ifdef the code as NETWARE
> only?
> 
> Brad
> 
> Brad Nicholes
> Senior Software Engineer
> Novell, Inc., a leading provider of Net business solutions
> http://www.novell.com 
> 
> >>> marcs@znep.com Wednesday, February 27, 2002 1:34:46 PM >>>
> On Wed, 27 Feb 2002, Brad Nicholes wrote:
> 
> >      This patch adds the directives LogRotateDaily and
> LogRotateInterval
> > to the mod_log_config modules.  These directives allow all of the
> custom
> > logs to be automatically rotated on either a daily basis or at a
> > specific interval.  This patch is based on a previous patch that
was
> > submitted by Bertrand Demiddelaer.
> >      One of the problems that we have had on NetWare is the lack
of
> a
> > way to automatically rotate the log files.  NetWare is unable to
use
> the
> > RotateLog utility due to the fact that the OS does not support
pipes.
> 
> > This patch is being submitted as a general patch rather than a
> NetWare
> > specific patch so that other platforms can take advantage of it if
> they
> > choose to.  If there are objections to this patch I could submit
it
> as a
> > NetWare only fix.  If there are no objections, I would like to go
> ahead
> > and check it in.
> 
> This patch is a major security problem on Unix, since you should not
> have
> your log files writable by the user apache runs as.  They should
only
> be writable by the user that starts Apache (normally root).  This
> means
> child processes can not reopen logs.
> 
> BTW, please try to include patches in the body of the message
instead
> of
> as binary attachments.



Mime
View raw message