Old 10-09-2004, 03:54 PM   #1
gypsy_rabbi
Member
 
Registered: Sep 2004
Distribution: Ubuntu
Posts: 109

Rep: Reputation: 15
Apache log directory permissions


Apache's documentation (links following) says you shouldn't give anyone write-access to the directories where you put your log files:
http://httpd.apache.org/docs/misc/security_tips.html
http://httpd.apache.org/docs/logs.html
http://httpd.apache.org/docs/mod/core.html#errorlog
One of the warnings is this: "Anyone who can write to the directory where Apache is writing a log file can almost certainly gain access to the uid that the server is started as, which is normally root." Which sounds pretty scary.

My httpd.conf tells Apache to run as user nobody, which can't write logs if /var/log/apache is owned by root. That forces me to change the owner of /var/log/apache to nobody, but if the warnings above are true then that somewhat defeats the purpose of using the nobody user. Am I doing something wrong here?

Thanks,

GR

(Yes, I run apache chrooted.)
 
Old 10-09-2004, 05:06 PM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232
Make the logs writable by the user Apache is running as. Nobody is probably not the best choice, as something different may be running as that user. I suggest creating an http or apache user only for that purpose.
 
1 members found this post helpful.
Old 10-09-2004, 06:31 PM   #3
gypsy_rabbi
Member
 
Registered: Sep 2004
Distribution: Ubuntu
Posts: 109

Original Poster
Rep: Reputation: 15
Thanks, Mara!

GR
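
An added example, not part of the thread or of Apache's documentation: a Python audit for the warning quoted in the first post, listing who besides the uid the server is started as can write to the log directory, its parents, or the log files. The default path comes from the post; treating uid 0 as the only trusted owner assumes httpd is started as root, and the function names are illustrative.

```python
import os
import stat
import sys

def check_dir(path, trusted_uids=(0,)):
    """Findings for one directory: anyone besides trusted_uids able to write to it."""
    st = os.stat(path)
    findings = []
    if st.st_uid not in trusted_uids:
        findings.append(f"{path}: owned by uid {st.st_uid}")
    if st.st_mode & stat.S_IWGRP:
        findings.append(f"{path}: group-writable (gid {st.st_gid})")
    if st.st_mode & stat.S_IWOTH:
        findings.append(f"{path}: world-writable")
    return findings

def check_entries(log_dir, trusted_uids=(0,)):
    """Findings for the log files themselves."""
    findings = []
    for name in sorted(os.listdir(log_dir)):
        full = os.path.join(log_dir, name)
        st = os.lstat(full)  # lstat: inspect the entry itself, not what it points to
        if stat.S_ISLNK(st.st_mode):
            # Writes to this name land wherever the link points, so report it for review.
            findings.append(f"{full}: symlink to {os.readlink(full)}")
        elif st.st_uid not in trusted_uids:
            findings.append(f"{full}: owned by uid {st.st_uid}")
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{full}: writable by group or others")
    return findings

def audit_log_dir(log_dir, trusted_uids=(0,)):
    """Check the log directory, every parent up to /, and the entries inside it."""
    findings = []
    current = os.path.abspath(log_dir)
    while True:
        findings += check_dir(current, trusted_uids)
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            break
        current = parent
    return findings + check_entries(log_dir, trusted_uids)

if __name__ == "__main__":
    # /var/log/apache is the path from the post; uid 0 assumes httpd is started as root.
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/log/apache"
    for line in audit_log_dir(target):
        print(line)
```

An empty result means only the trusted uid can create, replace or modify anything on the path to the logs.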
 
  

