Bug with keeping logs?

zEitEr · Dec 4, 2010

In that lines, there's nothing that would change owner of logs dir.

Richard G · Dec 4, 2010

Correct, that's why I find it strange that it got to user:user on a default install.

But I remember on another fresh install that I've seen it also as root:root. I don't get it anymore.

LawsHosting · Dec 4, 2010

Maybe this will help

http://www.directadmin.com/forum/showpost.php?p=11057&postcount=2

Think its to do with them being logrotated, they need to be root?

Richard G · Dec 4, 2010

The logs are owned by root, that's not the problem.
The problem is that the logs directory is sometimes owned by root and sometimes by the user.

There is another flaw by the way, being that a client can read any other client's logs in /var/log/httpd/domains/domain*.log when they know the domain name. Which should not be hard to get.

DirectAdmin Support · Dec 5, 2010

Hello,

We chganged the default a few versions ago:
http://www.directadmin.com/features.php?id=954

Looking at it more, we may need to use:
root:user 750

to have both privacy, accessibility, and to prevent Users from deleting them.

John

Richard G · Dec 5, 2010

That would be better indeed. This way not only users but also hackers when they hack the user account can't delete them.

Any thoughts about any customer can read another customers domain log at
/var/log/httpd/domains/domain*.log?
Maybe these can be chmod to 640? Or is this an OS issue?

DirectAdmin Support · Dec 5, 2010

/var/log/httpd should be root:root 700. They're not public.

John

Richard G · Dec 5, 2010

That's strange then. At all 4 DA servers i just checked and its 755 for directory and 644 on logs. Even the newly setup DA server:
drwxr-xr-x 3 root root 4.0K Dec 5 04:04 httpd
-rw-r--r-- 1 root root 1.2K Dec 5 18:56 access_log

zEitEr · Dec 5, 2010

Directadmin doesn't change rights for directories in /var/log/.
It's up to administrator to change them, I suppose.

DirectAdmin Support · Dec 5, 2010

I just checked the installer, and can confirm zEitEr's findings.
I've added a chmod 700 /var/log/httpd to the installer.

John

Richard G · Dec 5, 2010

Great Johan, thank you!

Could you help me with a command to change all logs directory's in the /home/*/domains/*/logs backup to root:user?

I have:

/home | grep '^d' | awk '{system("chown -R " $3 ":" $4 " /home/" $4 "/domains")}'

But this changes all directory's to user:user, I only need the logs directory to be changed and I'm no good with grep.

zEitEr · Dec 6, 2010

Not in one line, but still working code:

Code:

for username in `ls -1 /usr/home/`;
do
    if [ -d "/usr/home/${username}/domains/" ]; then
        chmod 750 /usr/home/${username}/domains/*/logs/
        chown root:${username} /usr/home/${username}/domains/*/logs/
    fi;
done;

zEitEr · Dec 6, 2010

One line code:

Code:

ls -l /home/ | grep '^d' | awk '{system("chown root:" $4 " /home/" $4 "/domains/*/logs; chmod 750 /home/" $4 "/domains/*/logs")}'

Richard G · Dec 6, 2010

Great thanks! I will use the oneline code.

Richard G · Dec 30, 2010

I'm getting back to my question.
Using the line zEitEr gave me, it is oke.

But where do I have to change which code so this works also when new accounts are created by DA?
Because I recently added a few new accounts and the logs directory is again like this:
drwx------ 2 username username 5 4.0K Dec 30 00:10 logs

and should be
drwxr-x--- 2 root username 4.0K Dec 30 00:10 logs

So I would need to make a custom setting somehwere?

zEitEr · Dec 31, 2010

If it's not fixed in directadmin binary, you can use /usr/local/directadmin/scripts/custom/domain_create_post.sh to fit your needs.

Create it, if not existed, and put there something like:

Code:

#!/bin/sh
chmod 750 /home/${username}/domains/${domain}/logs
chown 0:${username} /home/${username}/domains/${domain}/logs

tomtom901 · Jan 1, 2011

As Zeiter tips, use a hook

Richard G · Jan 1, 2011

I already got a domain_create_post there:

#!/bin/sh
FILE=/etc/virtual/$domain/filter.conf
if [ -e "$FILE" ]; then
echo "high_score=15" >> $FILE
echo "high_score_block=yes" >> $FILE
echo "where=delete" >> $FILE
echo "action=rewrite&value=filter&user=$username" >> /usr/local/directadmin/data/task.queue
fi
exit 0;

Can I just put both lines between the "fi" and the "exit 0;"?
Like this?

#!/bin/sh
FILE=/etc/virtual/$domain/filter.conf
if [ -e "$FILE" ]; then
echo "high_score=15" >> $FILE
echo "high_score_block=yes" >> $FILE
echo "where=delete" >> $FILE
echo "action=rewrite&value=filter&user=$username" >> /usr/local/directadmin/data/task.queue
fi
chmod 750 /home/${username}/domains/${domain}/logs
chown 0:${username} /home/${username}/domains/${domain}/logs
exit 0;

Or can I better put them on top, before the FILE statement?

zEitEr · Jan 1, 2011

Can I just put both lines between the "fi" and the "exit 0;"?
Like this?

That's ok.

Richard G · Jan 22, 2011

I have to come back at this.
I don't know why, but the logs and stats directory are not created anymore when a new user is created, not even when I remove the new lines.

Next to that I've seen another thing.
drwxr-xr-x 2 lupaie lupaie 4.0K Jan 22 21:16 .htpasswd
drwx--x--x 3 lupaie lupaie 4.0K Jan 22 21:16 public_ftp
drwxr-xr-x 6 lupaie lupaie 4.0K Jan 22 21:25 public_html

On the other accounts, the public_html has the same rights as the public_ftp here.
So should be 711 instead of 755.
How can this be fixed? For new and existing users.

Bug with keeping logs?

Super Moderator

Verified User

Verified User

Verified User

Administrator

Verified User

Administrator

Verified User

Super Moderator

Administrator

Verified User

Super Moderator

Super Moderator

Verified User

Verified User

Super Moderator

Verified User

Verified User

Super Moderator

Verified User