From: Hugh E. <he...@re...> - 2006-02-23 09:02:45

Hello folks. This looks like a great tool. But I'm stumped at the
outset here by some permission issues I've been unable to track
down. Using Log::Log4perl, I'm getting errors in the browser looking
like this:

    There has been an error: Cannot write to '/var/log/apache-ssl/dpr.log':
    Permission denied at /usr/local/share/perl/5.8.7/Log/Dispatch/File.pm line 86.

Although, when I su - www-data (my apache user), I am able to update
the last modification date with the touch command and use vim to
edit the log file, as well.

Can anyone here please advise why my log file would be inaccessible
to this web application? Thank you for your time.

-- Hugh
--
RCK Computer Services
http://reclaimedcomputers.ca/

From: Mike S. <m...@pe...> - 2006-02-23 17:55:30

On Thu, 23 Feb 2006, Hugh Esco wrote:

> Hello folks. This looks like a great tool. But I'm stumped at the
> outset here by some permission issues I've been unable to track
> down. Using Log::Log4perl, I'm getting errors in the browser looking
> like this:
>
> There has been an error: Cannot write to '/var/log/apache-ssl/dpr.log':
> Permission denied at /usr/local/share/perl/5.8.7/Log/Dispatch/File.pm line 86.
>
> Although, when I su - www-data (my apache user), I am able to update
> the last modification date with the touch command and use vim to
> edit the log file, as well.
>
> Can anyone here please advise why my log file would be inaccessible
> to this web application? Thank you for your time.

"touch" doesn't require write permissions on the file, appending does:

    $ touch file
    $ chmod -w file
    $ touch file
    $ echo foo >>file
    bash: file: Permission denied

So, what you need are write permissions on your /var/log/apache-ssl/dpr.log file,
either for the owner or the group.

By the way, the file appender will create the file according to the
specified umask settings if it doesn't exist yet. In this case, it
requires write permissions on the directory the file will be
located in.

-- Mike

Mike Schilli
m...@pe...

From: Hugh E. <he...@re...> - 2006-02-23 20:59:10

Thank you sir. That worked and I just sang your praises as a
"responsive" package maintainer on perlmonks.org/.

That reminder of the need for apache to be able to write to the log's parent directory
got me moving again. I put the log in /tmp and everything started working.

And as a security precaution, I'm wondering if it is possible to move this log out of
/tmp, without risking some other file system hierarchy to the risks of letting apache write to it?
Any ideas on this one?

-- Hugh

--
Hugh Esco
250-352-9361
he...@re...
RCK Computer Services
http://reclaimedcomputers.ca/

From: Kevin G. <cp...@go...> - 2006-02-24 17:39:29

Hugh Esco wrote:
> That reminder of the need for apache to be able to write to the log's parent directory
> got me moving again. I put the log in /tmp and everything started working.
>
> And as a security precaution, I'm wondering if it is possible to move this log out of
> /tmp, without risking some other file system hierarchy to the risks of letting apache write to it?
> Any ideas on this one?

I would not recommend writing log files to /tmp. Here's the common
solution:

- create a directory in /var/log/, for instance /var/log/escosapp/

    $ mkdir /var/log/escosapp

- make it owned by the www-data user and only writeable by that user:

    $ chown www-data /var/log/escosapp/
    $ chmod 0755 /var/log/escosapp/

The reason you can't write to /var/log/apache-ssl/ but apache can is
that apache starts its logging process under the root user before it
starts forking children and changing to the less-privileged user. Your
log4perl logs are written from the less-privileged child processes
running as the www-data user, so they can't write to the
root-writeable-only apache log directory.

--
Happy Trails . . .

Kevin M. Goess

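Added example, not part of the original thread: a shell check that a log directory matches the layout recommended above (owned by the web-server user, writable by nobody else) and that existing log files in it can be appended to by that user only. It assumes GNU coreutils stat; the function name check_log_dir is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit a dedicated log directory.
# Assumes GNU coreutils stat(1); check_log_dir is a hypothetical name.

# check_log_dir DIR OWNER
# Prints one line per finding. Returns 0 only if DIR is a real directory
# owned by OWNER, writable by OWNER alone, and every *.log file in it is
# owned by OWNER and appendable by OWNER alone.
check_log_dir() {
    dir=$1; owner=$2; rc=0

    # A symlink could redirect log writes elsewhere, so reject it outright.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL $dir: missing, not a directory, or a symlink"
        return 1
    fi

    mode=$(stat -c '%a' "$dir")    # octal digits, e.g. 755, or 1777 for /tmp
    m=$((0$mode))                  # leading 0 makes the shell parse it as octal
    actual=$(stat -c '%U' "$dir")

    [ "$actual" = "$owner" ] ||
        { echo "FAIL $dir: owned by $actual, expected $owner"; rc=1; }
    # Creating a new log file needs the write bit on the directory.
    [ $((m & 0200)) -ne 0 ] ||
        { echo "FAIL $dir: owner cannot create files (mode $mode)"; rc=1; }
    [ $((m & 0022)) -eq 0 ] ||
        { echo "FAIL $dir: writable by group or others (mode $mode)"; rc=1; }

    for f in "$dir"/*.log; do
        [ -f "$f" ] || continue    # glob matched nothing
        fmode=$(stat -c '%a' "$f"); fm=$((0$fmode))
        [ "$(stat -c '%U' "$f")" = "$owner" ] ||
            { echo "FAIL $f: not owned by $owner"; rc=1; }
        # Appending needs the write bit on the file itself.
        [ $((fm & 0200)) -ne 0 ] ||
            { echo "FAIL $f: owner cannot append (mode $fmode)"; rc=1; }
        [ $((fm & 0022)) -eq 0 ] ||
            { echo "FAIL $f: writable by group or others (mode $fmode)"; rc=1; }
    done

    [ "$rc" -ne 0 ] || echo "OK $dir: mode $mode, owner $owner"
    return "$rc"
}

# Run as a script: sh check_log_dir.sh /var/log/escosapp www-data
if [ "$#" -eq 2 ]; then check_log_dir "$1" "$2"; fi
```
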
From: Hugh E. <he...@re...> - 2006-02-26 21:01:38

Mike Schilli:
May I be so bold as to suggest the addition
of this suggestion below in the perldoc?

Thank you Kevin. That is exactly
what I was looking for.

-- Hugh

On Fri, 24 Feb 2006 09:39:09 -0800
Kevin Goess <cp...@go...> wrote:

> I would not recommend writing log files to /tmp. Here's the common
> solution:
>
> - create a directory in /var/log/, for instance /var/log/escosapp/
>
>     $ mkdir /var/log/escosapp
>
> - make it owned by the www-data user and only writeable by that user:
>
>     $ chown www-data /var/log/escosapp/
>     $ chmod 0755 /var/log/escosapp/
>
> The reason you can't write to /var/log/apache-ssl/ but apache can is
> that apache starts its logging process under the root user before it
> starts forking children and changing to the less-privileged user. Your
> log4perl logs are written from the less-privileged child processes
> running as the www-data user, so they can't write to the
> root-writeable-only apache log directory.
>
> --
> Happy Trails . . .
>
> Kevin M. Goess

From: Mike S. <m...@pe...> - 2006-02-26 23:37:35

On Sun, 26 Feb 2006, Hugh Esco wrote:

> Mike Schilli:
> May I be so bold as to suggest the addition
> of this suggestion below in the perldoc?

You could be even bolder and write up a FAQ, which could then be
included in Log4perl's FAQ page!

-- Mike

Mike Schilli
m...@pe...