Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Apache log files for public_html
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
turtles
Veteran
Veteran


Joined: 31 Dec 2004
Posts: 1351

PostPosted: Sat Apr 15, 2017 1:56 am    Post subject: Apache log files for public_html Reply with quote

I am setting up a user account on a Gentoo server to do some testing of a web application.
the user does not have root access, and will be running the applications from ${home}/public_html
I got the .htaccess and the web app working but how can I give him his own apache error.log?
_________________
Donate to Gentoo
Back to top
View user's profile Send private message
sebaro
Veteran
Veteran


Joined: 03 Jul 2006
Posts: 1129
Location: Romania

PostPosted: Sat Apr 15, 2017 7:36 am    Post subject: Reply with quote

Use "ErrorLog" directive:
http://httpd.apache.org/docs/current/mod/core.html#errorlog
Code:
ErrorLog "/home/[USER]/apache.log"
Back to top
View user's profile Send private message
turtles
Veteran
Veteran


Joined: 31 Dec 2004
Posts: 1351

PostPosted: Sat Apr 15, 2017 5:31 pm    Post subject: Reply with quote

sebaro wrote:
Use "ErrorLog" directive:
http://httpd.apache.org/docs/current/mod/core.html#errorlog
Code:
ErrorLog "/home/[USER]/apache.log"


Thanks sebaro, if I add that the the users .htaccess file
Apache barfs and says
Quote:
/home/chris/public_html/.htaccess: ErrorLog not allowed here

I think I need to do some kind of system wide setting?

EDIT I tried a few more things:
Quote:
/home/chris/public_html/.htaccess: Directory not allowed here



This is my my 00_vhost.conf
Code:

<Directory /home/*/public_html>
            #AllowOverride All
            AllowOverride FileInfo Indexes Authconfig
            Options Indexes FollowSymLinks MultiViews
</Directory>

_________________
Donate to Gentoo
Back to top
View user's profile Send private message
sebaro
Veteran
Veteran


Joined: 03 Jul 2006
Posts: 1129
Location: Romania

PostPosted: Sat Apr 15, 2017 7:14 pm    Post subject: Reply with quote

http://httpd.apache.org/docs/current/mod/core.html#errorlog
Quote:
Context: server config, virtual host

Directives that can be added in the htaccess file must have the ". htaccess" context, ErrorLog doesn't have it.
So you have to put ErrorLog directive in the apache virtual host config file, not in the <Directory> directive.
Back to top
View user's profile Send private message
turtles
Veteran
Veteran


Joined: 31 Dec 2004
Posts: 1351

PostPosted: Sat Apr 15, 2017 7:33 pm    Post subject: Reply with quote

sebaro wrote:
http://httpd.apache.org/docs/current/mod/core.html#errorlog
Quote:
Context: server config, virtual host

Directives that can be added in the htaccess file must have the ". htaccess" context, ErrorLog doesn't have it.
So you have to put ErrorLog directive in the apache virtual host config file, not in the <Directory> directive.


I see Yeah I am struggling with the apache docs I see now the "Context"
My goal is for each persons home directory to contain a .apache_error.log
So thats back to what I tried first

Code:
   <Directory /home/*/public_html>
        Options Indexes FollowSymLinks MultiViews
        #AllowOverride FileInfo Indexes Authconfig
        #AllowOverride All Options
        AllowOverride All
        Require all granted
        #ErrorLog "/home/*/.apache_error_log"
</Directory>


EDIT getting closer:
I believe the %1 will use the home dire name:
Code:
<Directory /home/*/public_html>
        Options Indexes FollowSymLinks MultiViews
        #AllowOverride FileInfo Indexes Authconfig
        #AllowOverride All Options
        AllowOverride All
        Require all granted
        ErrorLog "/home/%1/.apache_error_log"
</Directory>

this does not throw a syntax error but says its not allowed here
_________________
Donate to Gentoo
Back to top
View user's profile Send private message
sebaro
Veteran
Veteran


Joined: 03 Jul 2006
Posts: 1129
Location: Romania

PostPosted: Sat Apr 15, 2017 7:59 pm    Post subject: Reply with quote

Directory is not in ErrorLog's Context list, so you can't use it there. You have to put it outside.

To get what you want you have to use a script instead of file, the script will append to the log for each user.
Code:
ErrorLog "|/path/to/script"
Back to top
View user's profile Send private message
turtles
Veteran
Veteran


Joined: 31 Dec 2004
Posts: 1351

PostPosted: Sat Apr 15, 2017 8:25 pm    Post subject: Reply with quote

sebaro wrote:
Directory is not in ErrorLog's Context list, so you can't use it there. You have to put it outside.

To get what you want you have to use a script instead of file, the script will append to the log for each user.
Code:
ErrorLog "|/path/to/script"



That's getting complex and I imagine I would slow down the server to call bash every time?

I was just playing around with
Code:
SetEnvIf Request_URI "^/~([^/]+)/.*$" username=$1
CustomLog /home/${username}/.apache2.log combined


Or perhaps the 'adm' group could be used to give users read permission.

EDIT: I am testing out
Code:
chgrp -R adm /var/log/apache2/

Then adding users to that group that have a reason the view the log files.
The potential security issue is that all users can view the entire log.
_________________
Donate to Gentoo
Back to top
View user's profile Send private message
sebaro
Veteran
Veteran


Joined: 03 Jul 2006
Posts: 1129
Location: Romania

PostPosted: Sun Apr 16, 2017 6:58 am    Post subject: Reply with quote

Try this:
https://serverfault.com/questions/441421/per-user-vhost-logging

Create two scripts like in the page, one for requests (CustomLog), one for errors (ErrorLog):

Code:

CustomLog "|/path/to/apache-requests-logger"
ErrorLog "|/path/to/apache-errors-logger"


Or use the group solution or you can put the logs in a user readable directory (eg: /opt).
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum