[Pkg-awstats-devel] RFC - cron-related stuff

Jonas Smedegaard dr at jones.dk
Sun Apr 12 17:31:28 UTC 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Apr 12, 2009 at 08:06:23PM +0400, Sergey B Kirpichev wrote:
>> But I find in inaccurate to call it lack of "working state": If 
>> AWStats by default analyzes Apache2 logfiles and store the result 
>> readable only by adm group (or some other group not by default 
>> containing other members than adm group) then AWStats is in a working 
>> state!
>>
>>    * log analyzer (default: output readable by adm group or by none)
>>    * log analysis browser (default: no data accessible to browse)
>> 
>> AWStats is designed without this separation: By default same config 
>> file is used for both tasks, requiring the backend security to be 
>> lowered.
>
>Ok.
>
>But my strong suspection is > 50% of users work with awstats package 
>both as log parser and web frontend (on the same host).

Same host, yes.  And it is also common to use same account (explicitly 
or through various indirections like the ones you've proposed) for both 
web and log environments, but we should discourage that.

I do not suggest we offer separate binary packages for each purpose, 
just that the single package strictly separates web and log operations.



>> >> Here's a proposal for a secure setup:
>> >> 2) Cron reads logs as root and pipes them (or cp to temp dir and 
>> >> chown)
>> >> 3) Cron invokes awstats as awstats, saving output accessible by 
>> >> awstats group
>> >> 4) Cron chmod and chown as root the output to match the input
>> >
>> >Looks too complicated.  What's wrong with my previous setup:
>> >
>> >        adduser --system --home /var/lib/awstats --shell /bin/sh --ingroup adm awstats
>> >        chown awstats:awstats /var/lib/awstats
>> >        chmod 0750 /var/lib/awstats
>> >?
>> 
>> With my proposal we only need to trust our tiny cron script running 
>> as root to not contain security flaws regarding access to adm data.
>
>Ok.  But we can use
>	
>	adduser --system --home /var/lib/awstats --shell /bin/sh awstats
>
>instead and suggest local admin to chgrp the parsed log files
>(only!) to awstats (in /etc/logrotate.d/apache2, for example).  And
>leave cron entry
>
>> >		*/10 * * * * awstats [ -x /usr/lib/cgi-bin/awstats.pl ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null
>
>It doesn't copy|pipe logs, no new awstats.pl wrappers.  Not bad?

There are sane reasons for protecting logfiles.

You now propose to only relax security for web logs. That is still the 
wrong approach: We should not promote weak security if possible to 
avoid.  And I believe it is with my proposal.

Why do you insist on solutions weakening security?  Do you not 
understand my proposal, or do you see/suspect flaws in it?


Kind regards,

  - Jonas

- -- 
* Jonas Smedegaard - idealist og Internet-arkitekt
* Tlf.: +45 40843136  Website: http://dr.jones.dk/

  [x] quote me freely  [ ] ask before reusing  [ ] keep private
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkniJXAACgkQn7DbMsAkQLjzUQCZATbTCMuyCtLimUQ9dTFkdkdn
5DoAnir2c04Sr2TTRj1MX77CRwWkQ272
=0h/r
-----END PGP SIGNATURE-----

More information about the Pkg-awstats-devel mailing list