LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 03-27-2014, 01:38 PM   #1
Zippy1970
Member
 
Registered: Sep 2007
Posts: 119

Rep: Reputation: 17
How to set default file permissions for (custom) Apache log files?


Is there a way to set the default file permssion of the log files created by Apache? They are set to 0644 by default (apparently) but I want them set to 0600.
 
Old 03-27-2014, 02:53 PM   #2
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,517

Rep: Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619
0644
that 0 at the start
i am assuming this is RHEL 5 or 6 ( selinux)

you really do not want to change it to 0600
the users "apache" and "user" need to be able to read the files
 
Old 03-27-2014, 03:37 PM   #3
Zippy1970
Member
 
Registered: Sep 2007
Posts: 119

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by John VV View Post
you really do not want to change it to 0600
the users "apache" and "user" need to be able to read the files
Why?

Edit: I assume that with "apache" you mean the web user? And who/what do you mean with "user"?
(I have neither a user "apache" nor "user" on my system)

Last edited by Zippy1970; 03-27-2014 at 03:43 PM.
 
Old 03-27-2014, 03:48 PM   #4
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,517

Rep: Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619Reputation: 2619
the apache web server IS owned by the user "apache" ( just NO $HOME folder)
just like Mysql is owned by the user "mysql"
and all redhat based systems have a group called "users"
and those users and groups need to be able to read the log

run "chmod" on the log

but expect problems afterward , it is your set up . Do what you want
 
Old 03-27-2014, 04:11 PM   #5
Zippy1970
Member
 
Registered: Sep 2007
Posts: 119

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by John VV View Post
the apache web server IS owned by the user "apache" ( just NO $HOME folder)
I understand that apache runs (not owned) as user "apache" (or "www", "www-data", etc depending on the distro).

But the log files are owned by user root. And user root is the only user allowed to write to them.

Quote:
just like Mysql is owned by the user "mysql"
and all redhat based systems have a group called "users"
and those users and groups need to be able to read the log
Again, why?

Quote:
run "chmod" on the log
but expect problems afterward , it is your set up . Do what you want
Which is exactly the reason why "run chmod" is terrible advice to give.

I want the logfiles to get the default file permissions of 0640 (0600 was a typo) by whichever service creates the logfiles.

Last edited by Zippy1970; 03-27-2014 at 04:56 PM.
 
Old 03-27-2014, 05:04 PM   #6
Zippy1970
Member
 
Registered: Sep 2007
Posts: 119

Original Poster
Rep: Reputation: 17
To answer my own question, one way of doing this is by adding

umask 026

to the file /etc/apache2/envvars.

But this will cause all files created by Apache (either as the web user or root) to get the default file permissions of 0640 (-rw-r-----). I only want the log files to get these file permissions.

PS: The interwebs seems to be devided as to whether or not envvars is the proper place to add the umask.

Last edited by Zippy1970; 03-27-2014 at 05:17 PM.
 
Old 04-02-2014, 01:45 AM   #7
Ake Torngren
LQ Newbie
 
Registered: May 2006
Location: Cape Town, South Africa
Distribution: Fedora 24 x86_64
Posts: 20

Rep: Reputation: 1
Adding my two cents.
I just moved from Linux Fedora 14 to Fedora 20,
then donwloaded/installed Apache (which is no longer on
the install DVD), and ran into this "You don't
have access" problem, until I found that SELunix
was the culprit. Depending on your flavour of
Linux, this might apply to some of you as well.
To find out whether SELinux is active, enter
"getenforce". If you get "Enabled" then look
in "/var/log/audit/audit.log".
You might see lines like
... denied { getattr } ... comm="httpd" path="/var/www/html/index.html"
Then decide whether
1) You DON'T want/need SELunix. Then edit
"/etc/selinux/config" and change the relevant
line to "SELINUX=disabled", then reboot.
2) You DO want/need SELunix. Then study SELunix
and change whatever settings. (I can't help
you with this, since I opted for 1 above.)

Last edited by Ake Torngren; 04-02-2014 at 01:53 AM. Reason: Fixed typos
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how to set default file permissions to 755? yrc Linux - Newbie 21 03-06-2013 06:24 AM
Set default file/directory permissions replica88 Linux - Newbie 2 04-04-2010 10:12 AM
Apache Log file permissions Richie55 Linux - Server 3 03-11-2009 02:01 PM
Set default permissions for new files and folders jmkelm08 Linux - General 1 09-11-2006 08:26 PM
Where to set default file permissions (umask)? tredegar Linux - Newbie 14 01-27-2004 05:10 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 07:17 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration