From: Kevin G. <cp...@go...> - 2006-02-24 17:39:29
Hugh Esco wrote:
> That reminder of the need for apache to be able to write to the log's parent directory
> got me moving again. I put the log in /tmp and everything started working.
>
> And as a security precaution, I'm wondering if it is possible to move this log out of
> /tmp, without risking some other file system hierarchy to the risks of letting apache write to it?
> Any ideas on this one?

I would not recommend writing log files to /tmp. Here's the common solution:

- create a directory in /var/log/, for instance /var/log/escosapp/

    $ mkdir /var/log/escosapp

- make it owned by the www-data user and only writeable by that user:

    $ chown www-data /var/log/escosapp/
    $ chmod 0755 /var/log/escosapp/

The reason you can't write to /var/log/apache-ssl/ but apache can is that apache starts its logging process under the root user before it starts forking children and changing to the less-privileged user. Your log4perl logs are written from the less-privileged child processes running as the www-data user, so they can't write to the root-writeable-only apache log directory.

--
Happy Trails . . .

Kevin M. Goess
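
A check for the directory layout described in the reply above, as an added example that is not part of the original message. The function name `check_log_dir` and its return codes are this example's own convention, and the parent-directory test is an added check for the /tmp situation the thread started from.

```shell
#!/bin/sh
# Added example: audit a log directory against the advice in the message above.
# Usage: sh check_log_dir.sh /var/log/escosapp www-data
# The owner may be given as a user name or a numeric uid.

check_log_dir() {
    dir=$1 owner=$2

    # Must be a real directory, not a symlink that could point elsewhere.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a plain directory"; return 4
    fi

    # Owned by the unprivileged user the Apache children run as.
    if [ -z "$(find "$dir" -prune -user "$owner" -print 2>/dev/null)" ]; then
        echo "FAIL: $dir is not owned by $owner"; return 1
    fi

    # 0755 leaves no write bit for group or other; flag either one.
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $dir is writable by group or other"; return 2
    fi

    # The /tmp case: a world-writable parent directory.
    parent=$(dirname "$dir")
    if [ -n "$(find "$parent" -prune -perm -002 -print)" ]; then
        echo "FAIL: parent $parent is world-writable"; return 3
    fi

    echo "OK: $dir is owned by $owner with no group/other write access"
    return 0
}

# Run the check when called with a directory and an owner.
if [ "$#" -eq 2 ]; then
    check_log_dir "$1" "$2"
fi
```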