httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tim Burden" <...@burden.ca>
Subject Re: [users@httpd] Change owner for apache log files
Date Mon, 14 Mar 2005 05:04:07 GMT
Uhhm...no, you should ensure that log files ARE owned by the root user and
not writeable by any other user. Please see the security warning:
http://httpd.apache.org/docs-2.0/logs.html

----- Original Message ----- 
From: "Ronaldy, Franky" <franky.ronaldy@hp.com>
To: <users@httpd.apache.org>
Sent: Sunday, March 13, 2005 8:37 PM
Subject: RE: [users@httpd] Change owner for apache log files


Yes, I did run apache process by root account. But for the purpose
security standardization I should find a way to ensure log files not
owned by root account. Thanks a lot Joshua for your explanation.

Regards,
Franky

-----Original Message-----
From: Joshua Slive [mailto:jslive@gmail.com]
Sent: Friday, March 11, 2005 10:07 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Change owner for apache log files

On Fri, 11 Mar 2005 10:11:22 +0800, Ronaldy, Franky
<franky.ronaldy@hp.com> wrote:
> Hi All,
>
> Does anyone know how to change the owner for apache log files
> (access_log, agent_log, etc..)? My log files always owned by root
> account. Does the owner of log files depends on who execute apachectl
> command or I can define somewhere? Thanks.

No, this can't be done, and you should be very careful fooling around
with this.  The log files will indeed be owned by the user who starts
apache (usually root).  You can use a piped-log process or a log
rotation script to change ownership, but be sure never to have root
writing to a location controlled by another user, since this can lead
to major security holes.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message