How to Make Apache Log Files Readable by Apache

apache-2.2log-files

I would like to make apache access log file readable by www-data (the user running the webserver) so I can serve it over HTTPS, to save me the trouble of SSHing to the server every time I want to check it.

I tried chmod o+r access.log, but it seems that the permissions are automatically reset to -rw-r----- 1 root adm.

Best Answer

In case you'r running a logrotate, which also sets the permissions of the new log files, that might be a good place to make the change. For example, this is a default apache2 logrotate on an Ubuntu server.

andreas@halleck:~$ sudo cat /etc/logrotate.d/apache2
/var/log/apache2/*.log {
    weekly
    missingok
    rotate 52
    compress
    dateext
    delaycompress
    notifempty
    create 640 root adm
    sharedscripts
    postrotate
        if [ -f "`. /etc/apache2/envvars ; echo ${APACHE_PID_FILE:-/var/run/apache2.pid}`" ]; then
            /etc/init.d/apache2 reload > /dev/null
        fi
    endscript
}

As you see there is a setting called create? Feel free to change it to whatever mode and ownership you want new log files to have. Also, here is how the create option is described in the logrotate(8) man file.

create mode owner group

Immediately after rotation (before the postrotate script is run) the log file is created (with the same name as the log file just rotated). mode specifies the mode for the log file in octal (the same as chmod(2)), owner specifies the user name who will own the log file, and group specifies the group the log file will belong to. Any of the log file attributes may be omitted, in which case those attributes for the new file will use the same values as the original log file for the omitted attributes. This option can be disabled using the nocreate option.

Related Topic