| SYSTEM INFORMATION | |
|---|---|
| OS type and version | Ubuntu Linux 22.04.4 |
| Webmin version | 2.111 |
| Usermin version | 2.010 |
| Virtualmin version | 7.10.0 |
| Theme version | 21.10 |
| Package updates | All installed packages are up to date |
User System Admin User is logged in.
gone to Virtualmin -> Logs and Reports -> PHP Error Log
and gets this Error: You are not allowed to view this extra log
I do not understand why.
The authentic theme seems to throw issues sometimes it maybe worth changing the theme to something else and back again or just clearing the cache IDK, however I have modified the authentic theme to suit myself so this may be irrelevant
Tx. sadly cache clear and change of theme to Framed has had no effect.
I have had a look at this VS and (as root) cannot find the PHP log where it is listed under PHP-FPM Configuration -> Error Logging
and checking the configuration manually
php_value[error_log] = the correct location + file name
and
php_value[log_errors] = On
so at a loss 
so this is switched on ?
No
It had already been set as custom because the log had not been visible to the System Admin when he logged in and viewed a sub domain.
hence my manual check above regarding the configuration
(the php_value[error_log] does point to a location + file name that is where the System Admin can see it - but it is not being generated for some reason.
if I set it back to “Default” then I can see it but again if I go to Manage Virtual Server -> Switch To Server's Admin it is no longer visible and I get the same error as the user reported
This must be a bug somewhere I have just set a domain as you have set up and also hit the same error maybe one for the @staff to look at
How does it set now?
Mine is set exactly as @Stegan is set so I can confirm you can not read the php error log of a sub server
As far as I can tell after making the setting (as root) to use a configured log it shows the same in the manual configuration as expected but nothing end up there (the log is not even created) should it?- there are new messages in the default log (when I revert it back to default).
I was trying to change the log to a location that the System Admin could see and in the sub server (mysubserver.mydomain.com) the System Admin when logging in on his PC (Windows+Chrome) gets the error as in the OP and so do I, if I use the menu to switch to System Admin.
There were no other changes or other issues on this (relatively) new VM other than those [crit] errors in the nginx log (I am assuming the suggestion to ignore them was solid. I will have a read of fail2ban this weekend. But am pretty sure they are unrelated to this.
@Jamie, is this an artifact of fixing a bug in the past to prevent random logs/files from being read? I think we should allow the logviewer module to read any file under the user’s home directory when logged in as the domain owner? Though we should disallow reading on symlinks.
We may need to set the ACL on the logviewer module to allow viewing of the PHP error log.
Although, from looking at the code, that’s already happening.
@Stegan can you post the contents of the file /etc/webmin/logviewer/XYZ.acl , where XYZ is the login of the domain owner?
extras=/var/log/virtualmin/{domain}.com_access_log /var/log/virtualmin/{domain}.com_error_log /var/log/virtualmin/{sub}.{domain}.com_access_log /var/log/virtualmin/{sub}.{domain}.com_error_log
syslog=0
noedit=1
noconfig=1
any=0
Interesting that this is missing the PHP error logs.
If you login as root, select the domain, click Edit Virtual Server and click Save, does this file get updated?
Not really but there is a change -
I now get this (as root) which might be a little more informative?
(the obscured bit is /{system user}/{sub} - a valid file manager location owned by the user:group where I have place a test.txt file just to reassure myself that it can be accessed.
and it can be seen and edited by the System Admin
so something is not creating or filling the “custom” log file
Does that php_auth0_error_log file exist at all? Or is it just an empty file?
It does not exist. but as I said: I created a test file called test.txt just to prove to myself and the system admin that a file in that location was getting an ACL and that was not the problem.
So (as that worked) and at least stopped the Error, I have just created another file with the same name as placed in the PHP-FPM Configuration -> Error Logging (note the image in the settings does not capture the full file name as the text box - the file ends .log)
but even now it is not being overwritten with php errors. (this file should at minimum be being overwritten/filled with the php errors.)
I think I would be inclined to return it all to stock, make sure that php errors are being logged for the master admin (who can see sub server php logs). Then at least everyone is on a level playing field, making sure the fpm config file reflects the changes back to stock
Yes I did that before - just to reassure myself that php errors were actually appearing in the default log (which they were) then changed the setting as shown - the “new” file still gets nothing. the system admin can at least now see the test log file and not an error.
Who owns that file root or the domain owner ?
