| View previous topic :: View next topic |
| Author |
Message |
turtles
Veteran
Joined: 31 Dec 2004
Posts: 1658
|
 Posted: Sat Apr 15, 2017 1:56 am Post subject: Apache log files for public_html |
 |
|
I am setting up a user account on a Gentoo server to do some testing of a web application.
the user does not have root access, and will be running the applications from ${home}/public_html
I got the .htaccess and the web app working but how can I give him his own apache error.log?
_________________
Donate to Gentoo |
|
| Back to top |
|
 |
sebaro
Veteran
Joined: 03 Jul 2006
Posts: 1141
Location: Romania
|
|
| Back to top |
|
|
turtles
Veteran
Joined: 31 Dec 2004
Posts: 1658
|
| Posted: Sat Apr 15, 2017 5:31 pm Post subject: |
|
|
Thanks sebaro, if I add that the the users .htaccess file
Apache barfs and says | Quote: | | /home/chris/public_html/.htaccess: ErrorLog not allowed here |
I think I need to do some kind of system wide setting?
EDIT I tried a few more things:
| Quote: | | /home/chris/public_html/.htaccess: Directory not allowed here |
This is my my 00_vhost.conf
| Code: |
<Directory /home/*/public_html>
#AllowOverride All
AllowOverride FileInfo Indexes Authconfig
Options Indexes FollowSymLinks MultiViews
</Directory>
|
_________________
Donate to Gentoo |
|
| Back to top |
|
|
sebaro
Veteran
Joined: 03 Jul 2006
Posts: 1141
Location: Romania
|
| Posted: Sat Apr 15, 2017 7:14 pm Post subject: |
|
|
http://httpd.apache.org/docs/current/mod/core.html#errorlog
| Quote: | | Context: server config, virtual host |
Directives that can be added in the htaccess file must have the ". htaccess" context, ErrorLog doesn't have it.
So you have to put ErrorLog directive in the apache virtual host config file, not in the <Directory> directive. |
|
| Back to top |
|
|
turtles
Veteran
Joined: 31 Dec 2004
Posts: 1658
|
| Posted: Sat Apr 15, 2017 7:33 pm Post subject: |
|
|
| sebaro wrote: | http://httpd.apache.org/docs/current/mod/core.html#errorlog
| Quote: | | Context: server config, virtual host |
Directives that can be added in the htaccess file must have the ". htaccess" context, ErrorLog doesn't have it.
So you have to put ErrorLog directive in the apache virtual host config file, not in the <Directory> directive. |
I see Yeah I am struggling with the apache docs I see now the "Context"
My goal is for each persons home directory to contain a .apache_error.log
So thats back to what I tried first
| Code: | <Directory /home/*/public_html>
Options Indexes FollowSymLinks MultiViews
#AllowOverride FileInfo Indexes Authconfig
#AllowOverride All Options
AllowOverride All
Require all granted
#ErrorLog "/home/*/.apache_error_log"
</Directory> |
EDIT getting closer:
I believe the %1 will use the home dire name:
| Code: | <Directory /home/*/public_html>
Options Indexes FollowSymLinks MultiViews
#AllowOverride FileInfo Indexes Authconfig
#AllowOverride All Options
AllowOverride All
Require all granted
ErrorLog "/home/%1/.apache_error_log"
</Directory> |
this does not throw a syntax error but says its not allowed here
_________________
Donate to Gentoo |
|
| Back to top |
|
|
sebaro
Veteran
Joined: 03 Jul 2006
Posts: 1141
Location: Romania
|
| Posted: Sat Apr 15, 2017 7:59 pm Post subject: |
|
|
Directory is not in ErrorLog's Context list, so you can't use it there. You have to put it outside.
To get what you want you have to use a script instead of file, the script will append to the log for each user.
| Code: | | ErrorLog "|/path/to/script" |
|
|
| Back to top |
|
|
turtles
Veteran
Joined: 31 Dec 2004
Posts: 1658
|
| Posted: Sat Apr 15, 2017 8:25 pm Post subject: |
|
|
| sebaro wrote: | Directory is not in ErrorLog's Context list, so you can't use it there. You have to put it outside.
To get what you want you have to use a script instead of file, the script will append to the log for each user.
| Code: | | ErrorLog "|/path/to/script" |
|
That's getting complex and I imagine I would slow down the server to call bash every time?
I was just playing around with
| Code: | SetEnvIf Request_URI "^/~([^/]+)/.*$" username=$1
CustomLog /home/${username}/.apache2.log combined |
Or perhaps the 'adm' group could be used to give users read permission.
EDIT: I am testing out
| Code: | | chgrp -R adm /var/log/apache2/ |
Then adding users to that group that have a reason the view the log files.
The potential security issue is that all users can view the entire log.
_________________
Donate to Gentoo |
|
| Back to top |
|
|
sebaro
Veteran
Joined: 03 Jul 2006
Posts: 1141
Location: Romania
|
| Posted: Sun Apr 16, 2017 6:58 am Post subject: |
|
|
Try this:
https://serverfault.com/questions/441421/per-user-vhost-logging
Create two scripts like in the page, one for requests (CustomLog), one for errors (ErrorLog):
| Code: |
CustomLog "|/path/to/apache-requests-logger"
ErrorLog "|/path/to/apache-errors-logger"
|
Or use the group solution or you can put the logs in a user readable directory (eg: /opt). |
|
| Back to top |
|
|
|
Networking & Security
