Hi Tim, I appreciate so much for your notification. I will take a note of it. Thanks a lot. Regards, Franky -----Original Message----- From: Tim Burden [mailto:tim@xxxxxxxxx] Sent: Monday, March 14, 2005 1:04 PM To: users@xxxxxxxxxxxxxxxx Subject: Re: [users@httpd] Change owner for apache log files Uhhm...no, you should ensure that log files ARE owned by the root user and not writeable by any other user. Please see the security warning: http://httpd.apache.org/docs-2.0/logs.html ----- Original Message ----- From: "Ronaldy, Franky" <franky.ronaldy@xxxxxx> To: <users@xxxxxxxxxxxxxxxx> Sent: Sunday, March 13, 2005 8:37 PM Subject: RE: [users@httpd] Change owner for apache log files Yes, I did run apache process by root account. But for the purpose security standardization I should find a way to ensure log files not owned by root account. Thanks a lot Joshua for your explanation. Regards, Franky -----Original Message----- From: Joshua Slive [mailto:jslive@xxxxxxxxx] Sent: Friday, March 11, 2005 10:07 PM To: users@xxxxxxxxxxxxxxxx Subject: Re: [users@httpd] Change owner for apache log files On Fri, 11 Mar 2005 10:11:22 +0800, Ronaldy, Franky <franky.ronaldy@xxxxxx> wrote: > Hi All, > > Does anyone know how to change the owner for apache log files > (access_log, agent_log, etc..)? My log files always owned by root > account. Does the owner of log files depends on who execute apachectl > command or I can define somewhere? Thanks. No, this can't be done, and you should be very careful fooling around with this. The log files will indeed be owned by the user who starts apache (usually root). You can use a piped-log process or a log rotation script to change ownership, but be sure never to have root writing to a location controlled by another user, since this can lead to major security holes. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|