LinuxQuestions.org


gypsy_rabbi 10-09-2004 03:54 PM

Apache log directory permissions
 
Apache's documentation (links following) says you shouldn't give anyone write-access to the directories where you put your log files:
http://httpd.apache.org/docs/misc/security_tips.html
http://httpd.apache.org/docs/logs.html
http://httpd.apache.org/docs/mod/core.html#errorlog
One of the warnings is this: "Anyone who can write to the directory where Apache is writing a log file can almost certainly gain access to the uid that the server is started as, which is normally root." Which sounds pretty scary.

My httpd.conf tells Apache to run as user nobody, which can't write logs if /var/log/apache is owned by root. That forces me to change the owner of /var/log/apache to nobody, but if the warnings above are true then that somewhat defeats the purpose of using the nobody user. Am I doing something wrong here?

Thanks,

GR

(Yes, I run apache chrooted.)

Mara 10-09-2004 05:06 PM

Make the logs writable by the user Apache is running as. Nobody is probably not the best choice, as something different may be running as that user. I suggest creating an http or apache user only for that purpose.

gypsy_rabbi 10-09-2004 06:31 PM

Thanks, Mara!

GR
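
An added example, not part of the thread: a shell check for the condition the Apache documentation quoted in the first post warns about, flagging a log directory (or an entry in it) that someone other than the starting uid can write to. The function name `audit_log_dir` and its `TRUSTED_UID` argument are hypothetical, and the script assumes GNU `stat`.

```sh
#!/bin/sh
# Added example, not from the thread. TRUSTED_UID defaults to 0 (root), the
# uid the quoted Apache warning assumes the server is started as.
# Assumes GNU stat (-c), as shipped with Linux coreutils.

# audit_log_dir DIR [TRUSTED_UID]
# Prints one FAIL line per finding; returns 0 when clean, 1 otherwise.
audit_log_dir() {
    dir=$1
    trusted=${2:-0}
    rc=0

    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL $dir: missing, not a directory, or a symlink"
        return 1
    fi

    # The directory itself, then every entry directly inside it.
    for path in "$dir" "$dir"/* "$dir"/.[!.]*; do
        # Skip glob patterns that matched nothing.
        [ -e "$path" ] || [ -L "$path" ] || continue

        # A symlink where a log file is expected means the server would
        # open whatever the link points at.
        if [ -L "$path" ]; then
            echo "FAIL $path: symlink inside log directory"
            rc=1
            continue
        fi

        owner=$(stat -c %u "$path")
        mode=$(stat -c %a "$path")

        if [ "$owner" != "$trusted" ]; then
            echo "FAIL $path: owned by uid $owner, expected $trusted"
            rc=1
        fi
        # 022 = group-write | other-write
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $path: mode $mode is group- or world-writable"
            rc=1
        fi
    done
    return $rc
}

# Audit a directory given on the command line, e.g.
#   sh audit_log_dir.sh /var/log/apache
if [ $# -gt 0 ]; then audit_log_dir "$@"; fi
```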


All times are GMT -5.