James Pifer <jep@xxxxxxxxxxxxxxxx> wrote: > I need to enable some access to the httpd logs over ftp so > they can be analyzed by another application to get a report. > I used to do this on Windows NT before replacing the server > with CentOS. > Thanks to help from another thread I have an ftp server > enabled on the web server. I thought the easiest thing to > do would be to create an id for the application to connect > with, then provide a symlink to the logs in that generic > user's home directory. > The problem is the logs are owned by root. How can I make > them readable by this generic id without completely > compromising security? Plus, as the logs rotate this id will > still need access. > Any suggestions? I know you just setup FTP, but consider using SSH instead. First off, access to the logs are solved by always running the process as root at the end system. There is no reduced security by doing this. Secondly, setup 1 regular user on 1 system where you want the logs to be localized for processing. Then have the root user of each system SCP the log file to that 1 system as the 1 regular user. You'll want to use public key authentication (or a Kerberos realm if you want to avoid generating and/or copying keys for each system). If you're into a more formal setup, CVS or other version control or data collection repository check-ins of the log files might be ideal. For CVS (and several others), you can use the SSH login. -- Bryan J. Smith | Sent from Yahoo Mail mailto:b.j.smith@xxxxxxxx | (please excuse any http://thebs413.blogspot.com/ | missing headers)