httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Malo ...@perlig.de>
Subject Re: [users@httpd] fopen of log files
Date Fri, 11 Feb 2005 12:56:11 GMT
* alex@squigly.net wrote:

> Using apache 1.3.33 with sanfs and we currently do not permit the 'root'
> user to have any access to read/write on this file system.  The only
> information stored on the sanfs is web content, and hopefully log files.
>
> If i have everything running so all virtual host home dir's are set up on
> sanfs, that works fine . If i then go and try and move the access_log and
> error log to the sanfs, then it doesn't work.  Seems, the initial fopen
> of the logs is done as the root user and not as the user the daemon runs
> as (www in this case)
>
> Can anyone shed light on why?

Because the parent process opens the files and inherits them to the child 
processes. The parent process only needs to be root if the port it binds to 
is restricted (<1024).
However, the other advantage of letting root open the log files is that the 
daemon user doesn't need to be able to read the log files (just needs to 
write to).

nd
-- 
"Das Verhalten von Gates hatte mir bewiesen, dass ich auf ihn und seine
beiden Gefährten nicht zu zählen brauchte" -- Karl May, "Winnetou III"

Im Westen was neues: <http://pub.perlig.de/books.html#apache2>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message