I set up a new Linode Cloud instance/server with VirtuaMin and migrated a site that used to be hosted on CentOS over to Ubuntu 14.01… in the process the default location of the logs ended up pointing to
Previously they were inside the /home/mydomain/logs
directory… and accessible by anyone who had the domain admin/sftp log in credentials.
But the current location is only accessible by root and I don’t want to give that out to the devs who work in the site… but they need to see the logs.
OK, so in Virtual Min it seems simple enough just to change the paths to /home/myDomain/logs/access_log ; /home/myDomain/logs/error_log
Also It would seem that I need to chown those logs to myDomainOwner:myDomainOwner… so all the devs to tail these in the terminal.
and things should works just fine… BUT I do wonder if this is going to break any default VM scripts that gzip the logs and rotate them up to 7 iterations etc… OR, will the new paths be taken into consideration by the methods that do that cron job? I don’t want to break anything.
Side notes on new forums:
Can you please also remind me how to subscribe to my own posts or any threads? there is no check box for “watching” or “Subscribing” in this UI for make new topic…
how do you search a specific forum… there is no search box here in this environment?
Addendum: OK I was wrong the logs are not owned by root they are owned by the domain owner but have a peculiar group assignment that just looks wrong to me.
-rw-rw---- 1 myDomain www-data 251429909 Apr 16 18:02 mydomain.com_access_log
if I chown those to myDomain:myDomain… will anything break?
katir: If I understand what it is you want to do, I wonder why you would need to make any changes. My Ubuntu Virtualmin server is set up for me already as below:
My Ubuntu weblogs are owner:www-data (except one, whose access logs are root:www-data for unknown reason - I suppose it shouldn’t be. Maybe due to the choice of service plan for that domain?)
I would leave the log’s ownership as-is so www-data scripts can process the access and error logs.
To enable your domain owners to get at these logs, create a symbolic link in the /home/domain directory to the virtualmin directory (avoid linking to the files themselves - their descriptor numbers change).
ln -s /var/log/virtualmin /home/username/logs (or similar)
Again, this is how I find my Virtualmin system already set up. Perhaps they did not do this for other operating systems?
Good Idea… .but the root problem remains: a dev that logs in as the domain owner for that virtual server only… gets “Permission Denied” when clicking on the symbolic link… So presently, only root has access to logs… and that is “just wrong”
@katir: Did you actually try this? It is the solution we provided to our customers at the ISP I worked for, and I just confirmed it works in my Ubuntu server. Even though the Apache logs are in a directory owned by root, the symbolic link lets the domain owner go there anyway. But he can only see his own files, of course. And Virtualmin has already set it up exactly like this by default.
yes, I did try it but in order to run that command I had to act as root… so the symbolic link was owned by root.
I had to run
chown [serverDomainOwner]:[serverDomainOwner] /home/serverDomainOwner/logs/virtualminLogs
then it works as expected. the user can log in and access those logs (just his own)
Thanks! Case closed