I installed awstats on my new Ubuntu Lucid server, but when cron tries to run it as user www-data, it complains that cannot access /var/log/apache2/access.log: Permission denied.
In /usr/share/doc/awstats/README.Debian there's this paragraph:
By default Apache stores (since version 1.3.22-1) logfiles with uid=root and gid=adm, so you need to either…
1) Change the rights of the logfiles in /etc/logrotate.d/apache so that www-data has at least read access.
2) As 1) but change to a specific user, and use the suEXEC feature of Apache to run as same user (and either change the right of /var/lib/awstats as well or use another directory). This is more complicated, but then the logs are not generally accessible to the server (which was probably the point of the Apache default).
3) Change awstats.pl to group adm (but beware that you are then taking the risk of allowing a CGI-script access to admin stuff on the machine!).
I'd go with 1, but what are the recommended permissions to grant?
Best Answer
If you go for point 1, and it says that www-data should have at least read permission, then the recommendation is to grant only read.
You can alter the line (in logrotate file):
to
To give all users (www-data included) read permission.
You'll need to change the permissions of the existing files in /var/log/apache2/ to match this setting.
Then all the files can be read by all users, and all the files that logrotate creates in the future will have the adequate permissions.
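A way to check both halves of this change, as an added example that is not part of the original answer: it reads the mode from a logrotate `create MODE OWNER GROUP` directive, shows which permission classes that mode lets read the logs, and lists existing files that do not match it yet. The function names, the temporary paths and the sample stanza are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample stanza and files are constructed.

# Print the octal mode of the first "create MODE OWNER GROUP" directive in a logrotate file.
create_mode() {
    awk '$1 == "create" && $2 ~ /^[0-7]+$/ { print $2; exit }' "$1"
}

# Print which permission classes get read access under octal mode $1.
readers() {
    m=$(( 0$1 ))                      # leading 0 makes the shell parse it as octal
    out=""
    if [ $(( m & 0400 )) -ne 0 ]; then out="owner"; fi
    if [ $(( m & 0040 )) -ne 0 ]; then out="$out group"; fi
    if [ $(( m & 0004 )) -ne 0 ]; then out="$out other"; fi
    echo $out                         # unquoted on purpose: trims a leading space
}

# List files under directory $1 whose permission bits are not exactly mode $2.
stale_logs() {
    find "$1" -type f ! -perm "$2" | sort
}

demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/logs"
    # Constructed logrotate stanza standing in for the real file.
    printf '%s\n' '/var/log/apache2/*.log {' '    weekly' \
        '    create 644 root adm' '}' > "$tmp/apache2"
    # Constructed log files: one already matching, one with the older mode.
    : > "$tmp/logs/access.log";   chmod 644 "$tmp/logs/access.log"
    : > "$tmp/logs/access.log.1"; chmod 640 "$tmp/logs/access.log.1"
    mode=$(create_mode "$tmp/apache2")
    echo "create mode $mode gives read access to: $(readers "$mode")"
    echo "mode 640 would give read access to: $(readers 640)"
    echo "files that do not match $mode yet:"
    stale_logs "$tmp/logs" "$mode"
    rm -rf "$tmp"
}
demo
```

When "other" appears in the output, every local account can read the logs, not only www-data.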