[Systems] Fwd: [Systems-logs] Cron <www-data at sunjammer> [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh
Bernie Innocenti
bernie at codewiz.org
Wed Feb 24 21:23:32 EST 2016
On 02/24/2016 11:20 AM, Samuel Cantero wrote:
> Hi all,
>
> I have received a bunch of this email. The user www-data is executing
> the awstats update script and it doesn't have permission to read the
> /var/log/apache2/codewiz.org/codewiz.org-access.log
> <http://codewiz.org/codewiz.org-access.log> apache log file. The same
> for /var/log/apache2/access.log. The permission is set to:
>
> -rw-r----- 1 root adm 9,2M Feb 24 14:05 codewiz.org-access.log
> -rw-r----- 1 root adm 9,8M Feb 24 14:13 access.log
>
> However, all the old log files have the following permission:
>
> -rw-rw---- 1 root www-data 429K Jan 4 2015
> codewiz.org-access.log-20150104.xz
>
> I guess logrotate (/etc/logrotate.d/apache2) is in charge of setting
> this permission. So I checked it and I found the following directive:
> create 640 root adm. I can find the same pattern in the other log files.
> I guess we should change it to: create 660 root www-data.
>
> If you are ok with me, I will proceed to change it and fix manually the
> permissions for the current log files.
I was also surprised to see the change from www-data to adm. How does
Apache even write into files owned by root:adm if it's in the www-data
group?
I guess something changed in how Ubuntu or Debian handles apache logs.
These bugs seem relevant:
https://bugs.launchpad.net/ubuntu/+source/awstats/+bug/1252467
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745620
Not sure what the best fix is, feel free to experiment.
--
_ // Bernie Innocenti
\X/ http://codewiz.org
More information about the Systems
mailing list