Apache log files - per site log files
Posted by simonw on Wed 30 Nov 2005 at 16:44
I want to hand out Apache access log files to hosted customers on a shared server for measurement purposes, at least weekly. I also want them to have access to "error.log" in near real time.
Looking at Debian Sarge Apache2 log files are created "root adm rw-r-----" when Apache2 runs as "www-data www-data", I assume thus it writing to them from the one Apache2 task listed as "root"?
The security docs say I mustn't allow customers "write" to the directory the log files are in, so I suspect I must use some keen permissions (or symbolic links) so the directory appears as "~/.logs" but isn't writable.
Whilst I can see a relatively simple solution with a "chmod" on the logrotate scripts, and a mess of symbolic links, I get the feeling I'm solving a problem solved a million times before (well many thousands of times).
Server doesn't have so many sites that I'm "that" worried about file handles.
split-logfile is too simple, as it doesn't seem to handle "ServerAlias"
Is there an elegant solution before I create my less than elegant solution?Can Apache be told to change its default log file permissions, or do I hack a umask into the startup script?