Accessing logs from a website - Resolved

How can I make the log files accessible from a sub-domain’s public_html/${USER} directory?

I created a sub directory named ‘logs’. In ‘logs’ directory (public_html/${USER}/logs) I created 2 sym-links to the error_log and the access_log and chown’d them to user:user with the -h option (so the links are changed rather than the files they point to).

However, when I try to access the logs from my application, the read fails.

Is there a trick? Or can the httpd.conf file be set up to allow the access via a <Directory> directive somehow?

I tried adding an .htaccess file to the logs directory containing:
Options -Indexes IncludesNOEXEC FollowSymLinks ExecCGI
allow from all

But that doesn’t work either.

tony

Post edited by: tbirnseth, at: 2008/11/20 00:01
Post edited by: tbirnseth, at: 2008/11/20 07:39

After you’ve added the .htaccess file, what error shows up in the logs when you try to access the files in the logs directory?
-Eric

No error is generated. I do an fread() of the log to reformat and display in my log viewer. It’s a log listing along with my application’s logs. So the fread() simply fails and I generate an error in my application.

I’ve tried owner:group of ezom:ezom (the owner of the sub-domain) and apache:apache of the sym-links. Neither solution seems to allow.

I reduced the .htaccess file to:
Options FollowSymLinks
allow from all

Would having the directive for ‘SymLinksIfOwnerMatch’ help? I would think that would be a secondary step since it would be more restrictive.

Ahh, then you aren’t actually dealing with an Apache error.

The FollowSymlink option is only for when Apache is handling the read of the logs – in this case, since the read is being done by your application, Apache is out of the loop.

In fact, at that point, you don’t actually need to use symlinks – try having your app open the files directly using /home/$USER/logs/error_log and see if you have more luck that way.
-Eric
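
Eric's point above, as an added example that is not part of the original thread: when the application opens the log itself, the outcome is decided by the kernel's permission check on every directory of the symlink-resolved path, not by Apache's Options. The function names, the constructed temporary layout and the uid/gid values are assumptions; only classic mode bits are evaluated (no ACLs, SELinux or PHP open_basedir).

```python
import os
import tempfile

def class_bits(st, uid, gids):
    """rwx triplet (0-7) the kernel applies to this uid/gid set for one inode."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def blockers(path, uid, gids):
    """List (component, reason) for every part of the resolved path that denies access."""
    if uid == 0:
        return []  # root bypasses mode-bit checks
    real = os.path.realpath(path)  # follow symlinks, as open() would
    parts = real.strip(os.sep).split(os.sep)
    found, current = [], os.sep
    for i, name in enumerate(parts):
        current = os.path.join(current, name)
        bits = class_bits(os.stat(current), uid, gids)
        if i < len(parts) - 1:
            if not bits & 1:
                found.append((current, "directory lacks search (x)"))
        elif not bits & 4:
            found.append((current, "file lacks read (r)"))
    return found

def build_demo():
    """Constructed layout: 0750 logs directory, 0644 log, symlink in a web directory."""
    base = os.path.realpath(tempfile.mkdtemp())
    logs = os.path.join(base, "home", "logs")
    web = os.path.join(base, "public_html", "logs")
    os.makedirs(logs)
    os.makedirs(web)
    target = os.path.join(logs, "error_log")
    with open(target, "w") as fh:
        fh.write("constructed sample entry\r\n")
    os.chmod(target, 0o644)
    os.chmod(logs, 0o750)
    link = os.path.join(web, "error_log")
    os.symlink(target, link)
    return link, logs

if __name__ == "__main__":
    link, logs = build_demo()
    st = os.stat(logs)
    # Hypothetical account that is neither owner nor in the directory's group.
    for component, reason in blockers(link, st.st_uid + 1, {st.st_gid + 1}):
        print(component, "->", reason)
```

A world-readable log inside a 750 directory is still unreadable to an account outside the owner and group, which is what the report shows for the constructed layout.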

Well, I have no idea why, but changing the sym-links to be relative rather than absolute resolves the problem!!!
So the directory listing now looks like:

[code:1]
-sh-3.2$ ls -ld . *
drwxr-xr-x 2 ezom ezom 4096 2008-11-20 09:21 .
lrwxrwxrwx 1 ezom ezom 27 2008-11-20 09:21 access_log -> ../../../../logs/access_log
-rw-r--r-- 1 ezom ezom 6399 2008-11-20 09:20 dbgGenericOrderXML.txt
lrwxrwxrwx 1 ezom ezom 26 2008-11-20 09:21 error_log -> ../../../../logs/error_log
-rw-r--r-- 1 ezom ezom 6025 2008-11-20 09:20 genericOrderXML.txt
[/code:1]

Problem solved!

Maybe a little further info is required…
I keep my application logs in the logs directory. In my current production environment (other server) I also keep sym-links to the error and access logs. This allows my application to do a scandir() of the directory and return a list of logs to choose from. When selected, a fopen() is done of the log and I reverse the order so that most recent info is first. My log entries are separated by "\r\n" so that becomes the record delimiter.

When I login as ‘ezom’ and try to do a ‘more’ of the error_log from an ssh, I get “permission denied”. I would normally assume that the file (with ownership of apache:apache) does not have the ‘other’ read bits on, but it does. The permissions on the ‘logs’ directory seem correct (750 ezom:ezom). As I understand it, php/apache is running as setgid ‘ezom’ in this environment. The permissions of the /home/ezom/logs directory are:

[code:1]
[root@linux1 logs]# r ls
ls -ld . *
drwxr-x--- 2 ezom ezom 4096 2008-11-19 17:05 .
-rw-r--r-- 1 apache apache 104611 2008-11-20 09:05 access_log
-rw-r--r-- 1 apache apache 152632 2008-11-20 09:05 error_log
[/code:1]
And the public_html/test/om/logs permissions are:

[code:1]
[root@linux1 logs]# r ls
ls -ld . *
drwxr-xr-x 2 ezom ezom 4096 2008-11-20 09:06 .
lrwxrwxrwx 1 ezom ezom 26 2008-11-20 01:44 access_log -> /home/ezms/logs/access_log
-rw-r--r-- 1 ezom ezom 6018 2008-11-20 09:09 dbgGenericOrderXML.txt
lrwxrwxrwx 1 ezom ezom 25 2008-11-20 01:43 error_log -> /home/ezms/logs/error_log
-rw-r--r-- 1 ezom ezom 5666 2008-11-20 09:09 genericOrderXML.txt
[/code:1]
