Results 1 to 11 of 11
  1. #1
    Join Date
    Mar 2004
    Location
    Toronto
    Posts
    51

    HELP! /home/username/logs/access_log being written as root

    Hi guys,

    Just as the title says... I setup a CustomLog to write access_log to the above noted directoy structure but two things are happening:

    1) owner and group is being written as "root". When it was setup to use the domlogs/directory at least they were being written as root/user-account

    2) File permissions are: "-rw-r--r--". When it was setup to use the domlogs directory the permissions were setup as: "-rw-r-----"

    Can anyone help me figure out how to get the ownership/group and file permissions more secure like they were when I had logs writting to "domlogs"?

    Thanks!!!

    Aaron

  2. #2
    Join Date
    Mar 2004
    Location
    Toronto
    Posts
    51
    bump... no one has a clue?

  3. #3
    Join Date
    Aug 2002
    Location
    UK
    Posts
    846
    Code:
    [[email protected] home]# ls -al
    total 5
    drwxr-xr-x    4 root     root           72 Mar 26 01:28 .
    drwxr-xr-x   19 root     root         4096 Mar 26 00:22 ..
    drwxr-xr-x    2 root     root           48 Mar 26 01:28 test
    [[email protected] home]# cd test
    [[email protected] test]# echo > test1
    [[email protected] test]# ls -al
    total 5
    drwxr-xr-x    2 root     root           72 Mar 26 01:28 .
    drwxr-xr-x    4 root     root           72 Mar 26 01:28 ..
    -rw-r--r--    1 root     root            1 Mar 26 01:28 test1
    [[email protected] test]# cd ..
    [[email protected] home]# chgrp users test/
    [[email protected] home]# chmod g+s test/
    [[email protected] home]# ls -al
    total 5
    drwxr-xr-x    4 root     root           72 Mar 26 01:28 .
    drwxr-xr-x   19 root     root         4096 Mar 26 00:22 ..
    drwxr-sr-x    2 root     users          72 Mar 26 01:28 test
    [[email protected] home]# cd test/
    [[email protected] test]# echo > test2
    [[email protected] test]# ls -al
    total 9
    drwxr-sr-x    2 root     users          96 Mar 26 01:28 .
    drwxr-xr-x    4 root     root           72 Mar 26 01:28 ..
    -rw-r--r--    1 root     root            1 Mar 26 01:28 test1
    -rw-r--r--    1 root     users           1 Mar 26 01:28 test2
    using g+s on a directory means any files created in said directory will be owned by the same group as the directory.


    edit: it also means that any binaries in there will be executed with the permissions of said group, so be careful.

  4. #4
    Join Date
    Mar 2004
    Location
    Toronto
    Posts
    51
    I'm sorry... I must be a dolt today (little sleep ) but can you explain what you posted means in relation to what I posted?

    I know.. dumb-*** alert

    A

  5. #5
    What he is suggesting is that you "chmod g+s" the directory containing the logs, and that you chgrp the directory also. This makes new files created by root in that directory belong to the group of the directory.

    I think (I'd have to check) that you can do the same thing with the setuid bit (chmod u+s) so they will be owned by the directory owner. This is probably not a great idea, though... there may be some security implications here.

  6. #6
    Join Date
    Mar 2004
    Location
    Toronto
    Posts
    51
    Ok!

    I see what you guys are saying!

    Next question (if you don't mind). Does it HURT to have user as the owner and group of the files in the directory ????

    Thanks!

    Aaron

  7. #7
    Join Date
    Aug 2002
    Location
    UK
    Posts
    846
    define 'user'?

  8. #8
    Join Date
    Mar 2004
    Location
    Toronto
    Posts
    51
    Hi there,

    Sorry for the late reply.

    User = account name.

    Eg: /home/account_name/....

    Make sense?

    A

  9. #9
    Join Date
    Jun 2003
    Posts
    673
    No, setting the setuid or setgid bit on a directory will not automatically cause the files in that directory to be setuid or setgid.

  10. #10
    Join Date
    Mar 2004
    Location
    Toronto
    Posts
    51
    Originally posted by dan_erat
    No, setting the setuid or setgid bit on a directory will not automatically cause the files in that directory to be setuid or setgid.
    ummm... HUH?

  11. #11
    Join Date
    Jun 2003
    Posts
    673
    Sorry, that was a reply to Winkie's first post in this thread.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •