You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by MegaBrutal <me...@gmail.com> on 2012/11/27 16:05:41 UTC
[users@httpd] rotatelogs creates logs as root
Hello,
I've encountered a system which is configured to use the rotatelogs
application to rotate logs. For some reason, it creates subsequent log
files with root owner, while the log files should be owned by the Apache
user account.
Why is it, and what can I do to solve this problem?
Apache runs under a separate user account, only one instance is running as
root to be able to bind to port 80. I don't think rotatelogs should be
called as root, or if so, rotatelogs should chown the files to the Apache
user ID.
Regards,
MegaBrutal
Re: [users@httpd] rotatelogs creates logs as root
Posted by Eric Covener <co...@gmail.com>.
On Tue, Nov 27, 2012 at 10:05 AM, MegaBrutal <me...@gmail.com> wrote:
> Hello,
>
> I've encountered a system which is configured to use the rotatelogs
> application to rotate logs. For some reason, it creates subsequent log files
> with root owner, while the log files should be owned by the Apache user
> account.
>
> Why is it, and what can I do to solve this problem?
Logs are owned by whatever id starts the server, typically root,
whether rotatelogs is used or not.
> Apache runs under a separate user account, only one instance is running as
> root to be able to bind to port 80. I don't think rotatelogs should be
> called as root, or if so, rotatelogs should chown the files to the Apache
> user ID.
The "apache" user is supposed to be unprivileged, which means it
shouldn't be able to rewrite its own logs.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] rotatelogs creates logs as root
Posted by Eric Covener <co...@gmail.com>.
On Tue, Nov 27, 2012 at 10:05 AM, MegaBrutal <me...@gmail.com> wrote:
> Hello,
>
> I've encountered a system which is configured to use the rotatelogs
> application to rotate logs. For some reason, it creates subsequent log files
> with root owner, while the log files should be owned by the Apache user
> account.
>
> Why is it, and what can I do to solve this problem?
>
> Apache runs under a separate user account, only one instance is running as
> root to be able to bind to port 80. I don't think rotatelogs should be
> called as root, or if so, rotatelogs should chown the files to the Apache
> user ID.
>
>
> Regards,
> MegaBrutal
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] rotatelogs creates logs as root
Posted by John Doe <jd...@yahoo.com>.
From: MegaBrutal <me...@gmail.com>
>I've encountered a system which is configured to use the rotatelogs application to rotate logs. For some reason, it creates subsequent log files with root owner, while the log files should be owned by the Apache user account.
>Why is it, and what can I do to solve this problem?
>Apache runs under a separate user account, only one instance is running as root to be able to bind to port 80. I don't think rotatelogs should be called as root, or if so, rotatelogs should chown the files to the Apache user ID.
Check your confs.
By example, the logrotate man page under linux lists the following parameter:
create mode owner group
JD
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org