Changing default Apache log permissions The 2019 Stack Overflow Developer Survey Results Are InHow to make apache log files readable by apacheApache 2.4, 403 on all php scripts, html worksSet umask 0002 for apache user: www-dataSetting OS Level Permissions for Apache Web Root in Virtual Hosts with Continuous IntegrationEnsuring SSH users don't unintentionally affect Apache file ownershipapache2 server no permission on new directoryApache www permissions for php scriptSecuring files in non-web location accessed via symlinkIs there anything I can add to an Apache server configuration file that will change the user of the PHP and apache processes?Apache Start Fails due to missing mpm moduleSuexec/Apache user is not php-fpm 'user'
Is this food a bread or a loaf?
Is domain driven design an anti-SQL pattern?
Should I write numbers in words or as numerals when there are multiple next to each other?
How can I fix this gap between bookcases I made?
Does light intensity oscillate really fast since it is a wave?
What is a mixture ratio of propellant?
What is this 4-propeller plane?
I see my dog run
What does "sndry explns" mean in one of the Hitchhiker's guide books?
Why is Grand Jury testimony secret?
How to deal with fear of taking dependencies
Time travel alters history but people keep saying nothing's changed
aging parents with no investments
Does it makes sense to buy a new cycle to learn riding?
What does "rabbited" mean/imply in this sentence?
What are the motivations for publishing new editions of an existing textbook, beyond new discoveries in a field?
Where does the "burst of radiance" from Holy Weapon originate?
Is bread bad for ducks?
How come people say “Would of”?
Springs with some finite mass
Unbreakable Formation vs. Cry of the Carnarium
Landlord wants to switch my lease to a "Land contract" to "get back at the city"
Which Sci-Fi work first showed weapon of galactic-scale mass destruction?
Why isn't airport relocation done gradually?
Changing default Apache log permissions
The 2019 Stack Overflow Developer Survey Results Are InHow to make apache log files readable by apacheApache 2.4, 403 on all php scripts, html worksSet umask 0002 for apache user: www-dataSetting OS Level Permissions for Apache Web Root in Virtual Hosts with Continuous IntegrationEnsuring SSH users don't unintentionally affect Apache file ownershipapache2 server no permission on new directoryApache www permissions for php scriptSecuring files in non-web location accessed via symlinkIs there anything I can add to an Apache server configuration file that will change the user of the PHP and apache processes?Apache Start Fails due to missing mpm moduleSuexec/Apache user is not php-fpm 'user'
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
For some development servers, I want to make all the Apache log files accessible via the web so developers can more easily debug. I've figured out how to modify the Apache site config to make the default /var/log/apache2 directory accessible, but unless I manually chmod the directory to be accessible to Apache's www-data user, the files return the "Forbidden" error.
It looks like, by default on Ubuntu, Apache writes its logs with user root and group adm. How do I change this to user group www-data so web users can read them?
Googling this, some have suggested editing the value for APACHE_RUN_GROUP in /etc/apache2/envvars, but this is already set to www-data.
apache2
asked Apr 5 at 19:00
CerinCerin
1,283133957
add a comment |
For some development servers, I want to make all the Apache log files accessible via the web so developers can more easily debug. I've figured out how to modify the Apache site config to make the default /var/log/apache2 directory accessible, but unless I manually chmod the directory to be accessible to Apache's www-data user, the files return the "Forbidden" error.
It looks like, by default on Ubuntu, Apache writes its logs with user root and group adm. How do I change this to user group www-data so web users can read them?
Googling this, some have suggested editing the value for APACHE_RUN_GROUP in /etc/apache2/envvars, but this is already set to www-data.
apache2
asked Apr 5 at 19:00
CerinCerin
1,283133957
add a comment |
For some development servers, I want to make all the Apache log files accessible via the web so developers can more easily debug. I've figured out how to modify the Apache site config to make the default /var/log/apache2 directory accessible, but unless I manually chmod the directory to be accessible to Apache's www-data user, the files return the "Forbidden" error.
It looks like, by default on Ubuntu, Apache writes its logs with user root and group adm. How do I change this to user group www-data so web users can read them?
Googling this, some have suggested editing the value for APACHE_RUN_GROUP in /etc/apache2/envvars, but this is already set to www-data.
apache2
asked Apr 5 at 19:00
CerinCerin
1,283133957
For some development servers, I want to make all the Apache log files accessible via the web so developers can more easily debug. I've figured out how to modify the Apache site config to make the default /var/log/apache2 directory accessible, but unless I manually chmod the directory to be accessible to Apache's www-data user, the files return the "Forbidden" error.
It looks like, by default on Ubuntu, Apache writes its logs with user root and group adm. How do I change this to user group www-data so web users can read them?
Googling this, some have suggested editing the value for APACHE_RUN_GROUP in /etc/apache2/envvars, but this is already set to www-data.
apache2
apache2
asked Apr 5 at 19:00
CerinCerin
1,283133957
asked Apr 5 at 19:00
CerinCerin
1,283133957
asked Apr 5 at 19:00
CerinCerin
1,283133957
asked Apr 5 at 19:00
CerinCerin
1,283133957
asked Apr 5 at 19:00
CerinCerin
1,283133957
1,283133957
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Beware that IP addresses can be protected identifiers in some jurisdictions. And other things that would be better to not be public. Secure production log files, perhaps visible to operations staff only to start.
In addition to chgrp www-data /var/log/apache2 you need to preserve the ownership of the log file as it is rotated. For Ubuntu, edit /etc/logrotate.d/apache2 to have a create directive readable by the web server, such as create 640 root www-data
As previously seen on Server Fault: How to make apache log files readable by apache
What you really could use is a centralized log aggregation system that ingests logs and slices and dices them. Any popular one will have a means of parsing httpd logs.
answered Apr 5 at 22:18
John MahowaldJohn Mahowald
8,5881713
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f961749%2fchanging-default-apache-log-permissions%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Beware that IP addresses can be protected identifiers in some jurisdictions. And other things that would be better to not be public. Secure production log files, perhaps visible to operations staff only to start.
In addition to chgrp www-data /var/log/apache2 you need to preserve the ownership of the log file as it is rotated. For Ubuntu, edit /etc/logrotate.d/apache2 to have a create directive readable by the web server, such as create 640 root www-data
As previously seen on Server Fault: How to make apache log files readable by apache
What you really could use is a centralized log aggregation system that ingests logs and slices and dices them. Any popular one will have a means of parsing httpd logs.
answered Apr 5 at 22:18
John MahowaldJohn Mahowald
8,5881713
add a comment |
Beware that IP addresses can be protected identifiers in some jurisdictions. And other things that would be better to not be public. Secure production log files, perhaps visible to operations staff only to start.
In addition to chgrp www-data /var/log/apache2 you need to preserve the ownership of the log file as it is rotated. For Ubuntu, edit /etc/logrotate.d/apache2 to have a create directive readable by the web server, such as create 640 root www-data
As previously seen on Server Fault: How to make apache log files readable by apache
What you really could use is a centralized log aggregation system that ingests logs and slices and dices them. Any popular one will have a means of parsing httpd logs.
answered Apr 5 at 22:18
John MahowaldJohn Mahowald
8,5881713
add a comment |
Beware that IP addresses can be protected identifiers in some jurisdictions. And other things that would be better to not be public. Secure production log files, perhaps visible to operations staff only to start.
In addition to chgrp www-data /var/log/apache2 you need to preserve the ownership of the log file as it is rotated. For Ubuntu, edit /etc/logrotate.d/apache2 to have a create directive readable by the web server, such as create 640 root www-data
As previously seen on Server Fault: How to make apache log files readable by apache
What you really could use is a centralized log aggregation system that ingests logs and slices and dices them. Any popular one will have a means of parsing httpd logs.
answered Apr 5 at 22:18
John MahowaldJohn Mahowald
8,5881713
Beware that IP addresses can be protected identifiers in some jurisdictions. And other things that would be better to not be public. Secure production log files, perhaps visible to operations staff only to start.
In addition to chgrp www-data /var/log/apache2 you need to preserve the ownership of the log file as it is rotated. For Ubuntu, edit /etc/logrotate.d/apache2 to have a create directive readable by the web server, such as create 640 root www-data
As previously seen on Server Fault: How to make apache log files readable by apache
What you really could use is a centralized log aggregation system that ingests logs and slices and dices them. Any popular one will have a means of parsing httpd logs.
answered Apr 5 at 22:18
John MahowaldJohn Mahowald
8,5881713
answered Apr 5 at 22:18
John MahowaldJohn Mahowald
8,5881713
answered Apr 5 at 22:18
John MahowaldJohn Mahowald
8,5881713
answered Apr 5 at 22:18
John MahowaldJohn Mahowald
8,5881713
8,5881713
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f961749%2fchanging-default-apache-log-permissions%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
