How can I make the log files accessible from a sub-domain’s public_html/${USER} directory?
I created a sub directory named ‘logs’. In ‘logs’ directory (public_html/${USER}/logs) I created 2 sym-links to the error_log and the access_log and chown’d them to user:user with the -h option (so the links are changed rather than the files they point to).
However, when I try to access the logs from my application, the read fails.
Is there a trick? Or can the httpd.conf file be setup to allow the access via a <Directory> directive somehow?
I tried adding an .htaccess file to the logs directory containg:
Options -Indexes IncludesNOEXEC FollowSymLinks ExecCGI
allow from all
No error is generated. I do an fread() of the log to reformat and display in my log viewer. It’s a log listing along with my application’s logs. So the fread() simply fails and I generate an error in my application.
I’ve tried owner:group of ezom:ezom (the owner of the sub-domain) and apache:apache of the sym-links. Neither solution seems to allow.
I reduced the .htaccess file to:
Options FollowSymLinks
allow from all
Would having the directive for ‘SymLinksIfOwnerMatch’ help? I would think that would be a secondary step since it would be more restrictive.
Ahh, then you aren’t actually dealing with an Apache error.
The FollowSymlink option is only for when Apache is handling the read of the logs – in this case, since the read is being done by your application, Apache is out of the loop.
In fact, at that point, you don’t actually need to use symlinks – try having your app open the files directly using /home/$USER/logs/error_log and see if you have more luck that way.
-Eric
Well, I have no idea why, but chaning the sym-links to be relative rather than absolute resolves the problem!!!
So the directory listing now looks like:
Maybe a little further info is required…
I keep my application logs in the logs directory. In my current production environment (other server) I also keep sym-links to the error and access logs. This allows my application to do a scandir() of the directory and return a list of logs to choose from. When selected, a fopen() is done of the log and I reverse the order so that most recent info is first. My log entires are separated by "\r\n" so that becomes the record delimiter.
When I login as ‘ezom’ and try to do a ‘more’ of the error_log from an ssh, I get “permission denied”. I would normally assume that the file (with ownership of apache:apache) does not have the ‘other’ read bits on, but it does. The permissions on the ‘logs’ directory seem correct (750 ezom:ezom). As I understand it, php/apache is running as setgid ‘ezom’ in this environment. The permissions of the /home/ezom/logs directory are:
[code:1]
[root@linux1 logs]# r ls
ls -ld . *
drwxr-x— 2 ezom ezom 4096 2008-11-19 17:05 .
-rw-r–r-- 1 apache apache 104611 2008-11-20 09:05 access_log
-rw-r–r-- 1 apache apache 152632 2008-11-20 09:05 error_log
[/code:1]
And the public_html/test/om/logs permissions are:
Maybe a little further info is required…
I keep my application logs in the logs directory. In my current production environment (other server) I also keep sym-links to the error and access logs. This allows my application to do a scandir() of the directory and return a list of logs to choose from. When selected, a fopen() is done of the log and I reverse the order so that most recent info is first. My log entires are separated by "\r\n" so that becomes the record delimiter.
When I login as ‘ezom’ and try to do a ‘more’ of the error_log from an ssh, I get “permission denied”. I would normally assume that the file (with ownership of apache:apache) does not have the ‘other’ read bits on, but it does. The permissions on the ‘logs’ directory seem correct (750 ezom:ezom). As I understand it, php/apache is running as setgid ‘ezom’ in this environment. The permissions of the /home/ezom/logs directory are:
[code:1]
[root@linux1 logs]# r ls
ls -ld . *
drwxr-x— 2 ezom ezom 4096 2008-11-19 17:05 .
-rw-r–r-- 1 apache apache 104611 2008-11-20 09:05 access_log
-rw-r–r-- 1 apache apache 152632 2008-11-20 09:05 error_log
[/code:1]
And the public_html/test/om/logs permissions are: