LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-09-2004, 04:54 PM   #1
gypsy_rabbi
Member
 
Registered: Sep 2004
Distribution: Ubuntu
Posts: 109

Rep: Reputation: 15
Apache log directory permissions


Apache's documentation (links following) says you shouldn't give anyone write-access to the directories where you put your log files:
http://httpd.apache.org/docs/misc/security_tips.html
http://httpd.apache.org/docs/logs.html
http://httpd.apache.org/docs/mod/core.html#errorlog
One of the warnings is this: "Anyone who can write to the directory where Apache is writing a log file can almost certainly gain access to the uid that the server is started as, which is normally root." Which sounds pretty scary.

My httpd.conf tells Apache to run as user nobody, which can't write logs if /var/log/apache is owned by root. That forces me to change the owner of /var/log/apache to nobody, but if the warnings above are true then that somewhat defeats the purpose of using the nobody user. Am I doing something wrong here?

Thanks,

GR

(Yes, I run apache chrooted.)
 
Old 10-09-2004, 06:06 PM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232Reputation: 232Reputation: 232
Make the logs writable by the user Apache is running as. Nobody is probbaly not the best choice as something different may be running as that user. I suggest to create http or apache user only for that purpose.
 
1 members found this post helpful.
Old 10-09-2004, 07:31 PM   #3
gypsy_rabbi
Member
 
Registered: Sep 2004
Distribution: Ubuntu
Posts: 109

Original Poster
Rep: Reputation: 15
Thanks, Mara!

GR
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache Directory Listing Of NFS Mount, cannot view directory list via apache luqmana Linux - Networking 2 12-19-2005 07:03 AM
Apache user directory permissions AMMullan Linux - Software 11 12-23-2004 02:56 AM
home directory permissions get reset periodically, preventing use of apache UserDir rennard Linux - Security 2 08-03-2004 08:21 PM
we changed permissions on the etc directory and now we can not log in vinces39 Red Hat 1 06-18-2004 11:20 AM
Anyway to lock apache log file before I tar the directory? m3kgt Linux - General 2 11-05-2003 12:51 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:24 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration