How can I make the log files accessible from a sub-domain's public_html/${USER} directory?
I created a sub directory named 'logs'. In 'logs' directory (public_html/${USER}/logs) I created 2 sym-links to the error_log and the access_log and chown'd them to user:user with the -h option (so the links are changed rather than the files they point to).
However, when I try to access the logs from my application, the read fails.
Is there a trick? Or can the httpd.conf file be setup to allow the access via a <Directory> directive somehow?
I tried adding an .htaccess file to the logs directory containg: Options -Indexes IncludesNOEXEC FollowSymLinks ExecCGI allow from all
But that doesn't work either.
tony
Post edited by: tbirnseth, at: 2008/11/20 00:01<br><br>Post edited by: tbirnseth, at: 2008/11/20 07:39
After you've added the .htaccess file, what error shows up in the logs when you try to access the files in the logs directory?
-Eric
No error is generated. I do an fread() of the log to reformat and display in my log viewer. It's a log listing along with my application's logs. So the fread() simply fails and I generate an error in my application.
I've tried owner:group of ezom:ezom (the owner of the sub-domain) and apache:apache of the sym-links. Neither solution seems to allow.
I reduced the .htaccess file to:
Options FollowSymLinks
allow from all
Would having the directive for 'SymLinksIfOwnerMatch' help? I would think that would be a secondary step since it would be more restrictive.
Ahh, then you aren't actually dealing with an Apache error.
The FollowSymlink option is only for when Apache is handling the read of the logs -- in this case, since the read is being done by your application, Apache is out of the loop.
In fact, at that point, you don't actually need to use symlinks -- try having your app open the files directly using /home/$USER/logs/error_log and see if you have more luck that way.
-Eric
Maybe a little further info is required...
I keep my application logs in the logs directory. In my current production environment (other server) I also keep sym-links to the error and access logs. This allows my application to do a scandir() of the directory and return a list of logs to choose from. When selected, a fopen() is done of the log and I reverse the order so that most recent info is first. My log entires are separated by "\r\n" so that becomes the record delimiter.
When I login as 'ezom' and try to do a 'more' of the error_log from an ssh, I get "permission denied". I would normally assume that the file (with ownership of apache:apache) does not have the 'other' read bits on, but it does. The permissions on the 'logs' directory seem correct (750 ezom:ezom). As I understand it, php/apache is running as setgid 'ezom' in this environment. The permissions of the /home/ezom/logs directory are:
[code:1]
[root@linux1 logs]# r ls
ls -ld . *
drwxr-x--- 2 ezom ezom 4096 2008-11-19 17:05 .
-rw-r--r-- 1 apache apache 104611 2008-11-20 09:05 access_log
-rw-r--r-- 1 apache apache 152632 2008-11-20 09:05 error_log
[/code:1]
And the public_html/test/om/logs permissions are:
[code:1]
[root@linux1 logs]# r ls
ls -ld . *
drwxr-xr-x 2 ezom ezom 4096 2008-11-20 09:06 .
lrwxrwxrwx 1 ezom ezom 26 2008-11-20 01:44 access_log -> /home/ezms/logs/access_log
-rw-r--r-- 1 ezom ezom 6018 2008-11-20 09:09 dbgGenericOrderXML.txt
lrwxrwxrwx 1 ezom ezom 25 2008-11-20 01:43 error_log -> /home/ezms/logs/error_log
-rw-r--r-- 1 ezom ezom 5666 2008-11-20 09:09 genericOrderXML.txt
[/code:1]
Maybe a little further info is required...
I keep my application logs in the logs directory. In my current production environment (other server) I also keep sym-links to the error and access logs. This allows my application to do a scandir() of the directory and return a list of logs to choose from. When selected, a fopen() is done of the log and I reverse the order so that most recent info is first. My log entires are separated by "\r\n" so that becomes the record delimiter.
When I login as 'ezom' and try to do a 'more' of the error_log from an ssh, I get "permission denied". I would normally assume that the file (with ownership of apache:apache) does not have the 'other' read bits on, but it does. The permissions on the 'logs' directory seem correct (750 ezom:ezom). As I understand it, php/apache is running as setgid 'ezom' in this environment. The permissions of the /home/ezom/logs directory are:
[code:1]
[root@linux1 logs]# r ls
ls -ld . *
drwxr-x--- 2 ezom ezom 4096 2008-11-19 17:05 .
-rw-r--r-- 1 apache apache 104611 2008-11-20 09:05 access_log
-rw-r--r-- 1 apache apache 152632 2008-11-20 09:05 error_log
[/code:1]
And the public_html/test/om/logs permissions are:
[code:1]
[root@linux1 logs]# r ls
ls -ld . *
drwxr-xr-x 2 ezom ezom 4096 2008-11-20 09:06 .
lrwxrwxrwx 1 ezom ezom 26 2008-11-20 01:44 access_log -> /home/ezms/logs/access_log
-rw-r--r-- 1 ezom ezom 6018 2008-11-20 09:09 dbgGenericOrderXML.txt
lrwxrwxrwx 1 ezom ezom 25 2008-11-20 01:43 error_log -> /home/ezms/logs/error_log
-rw-r--r-- 1 ezom ezom 5666 2008-11-20 09:09 genericOrderXML.txt
[/code:1]
Well, I have no idea why, but chaning the sym-links to be relative rather than absolute resolves the problem!!!!
So the directory listing now looks like:
[code:1]
-sh-3.2$ ls -ld . *
drwxr-xr-x 2 ezom ezom 4096 2008-11-20 09:21 .
lrwxrwxrwx 1 ezom ezom 27 2008-11-20 09:21 access_log -> ../../../../logs/access_log
-rw-r--r-- 1 ezom ezom 6399 2008-11-20 09:20 dbgGenericOrderXML.txt
lrwxrwxrwx 1 ezom ezom 26 2008-11-20 09:21 error_log -> ../../../../logs/error_log
-rw-r--r-- 1 ezom ezom 6025 2008-11-20 09:20 genericOrderXML.txt
[/code:1]
Problem solved!