[Pkg-awstats-devel] RFC - cron-related stuff
Sergey B Kirpichev
skirpichev at gmail.com
Sun Apr 12 17:56:09 UTC 2009
On Sun, Apr 12, 2009 at 07:31:28PM +0200, Jonas Smedegaard wrote:
> >instead and suggest local admin to chgrp the parsed log files
> >(only!) to awstats (in /etc/logrotate.d/apache2, for example). And
> >leave cron entry
> >
> >> > */10 * * * * awstats [ -x /usr/lib/cgi-bin/awstats.pl ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null
> >
> >It doesn't copy|pipe logs, no new awstats.pl wrappers. Not bad?
>
> Why do you insist on solutions weakening security? Do you not
> understand my proposal, or do you see/suspect flaws in it?
I don't see any flaws in my modification (it's equal to your proposal in
security aspect):
By default awstats user has NO access to log files (adm group). Only when a
local admin chgrp to awstats them (explicitely) - then awstats will have a
readonly access. It's simple and a bit easy to support. No new (buggy ;-))
wrappers for awstats.pl in cron.d/awstats.
More information about the Pkg-awstats-devel
mailing list