Menu
▾
▴
Re: [webmin-l] Logs directory
|
From: Jamie C. <jca...@we...> - 2005-04-22 22:48:55
|
On 23/Apr/2005 05:04 Stephen Le wrote ..
> On 4/22/05, john m <jo...@ra...> wrote:
> > I have the logs set so that not only the directory they reside in, but
> > the logs themselves are owned by root.
> > With permissions of 644, then they can read em but not delete.
> > I then have logrotation set to email them the logs at the end of the
> > week and to just keep the last 5 logs in their directory.
> >
> > That way they can't delete them and so can't crash apache
>
> As long as a user owns the parent directory, a file or directory can
> still be deleted. Try using 'rm -rf'
>
> One solution to this problem is to have the logs go into a root-owned
> directory outside of the user's filesystem -- /var/log/apache/virtual
> or something similar. Each Virtual Server would get its own log
> directory under that path. To provide access to the logs, a symbolic
> link to the appropriate directory could then be made in a user's home
> directory. If a user decided to delete their log directory, only the
> symbolic link would be deleted -- the directory that Apache logs to
> would still remain and there would be no problems.
>
> Furthermore, this has an added security benefit: such a setup would
> prevent users from deleting their logs to hide signs of suspicious
> activity.
>
> Jamie, do you think you could make this an option with Virtualmin?
You can set this up already in the latest Virtualmin - on the Server Templates page,
in the section for Apache directives, you can edit the path in the CustomLog lin and
change it to something like /var/log/httpd/${DOM}.log .
- Jamie
|