James Pifer jep@obrien-pifer.com wrote:
I need to enable some access to the httpd logs over ftp so they can be analyzed by another application to get a report.
I used to do this on Windows NT before replacing the server with CentOS. Thanks to help from another thread I have an ftp server enabled on the web server. I thought the easiest thing to do would be to create an id for the application to connect with, then provide a symlink to the logs in that generic user's home directory. The problem is the logs are owned by root. How can I make them readable by this generic id without completely compromising security? Plus, as the logs rotate this id will still need access. Any suggestions?
I know you just set up FTP, but consider using SSH instead.
First off, access to the logs is solved by always running the process as root at the end system. There is no reduced security by doing this.
Secondly, set up 1 regular user on 1 system where you want the logs to be localized for processing. Then have the root user of each system SCP the log file to that 1 system as the 1 regular user. You'll want to use public key authentication (or a Kerberos realm if you want to avoid generating and/or copying keys for each system).
If you're into a more formal setup, CVS or other version control or data collection repository check-ins of the log files might be ideal. For CVS (and several others), you can use the SSH login.
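The push model described in the reply above, as an added example that is not part of the original thread: root on each web server copies rotated httpd logs with scp and a dedicated key to one unprivileged account on a collection host. The account `loguser`, host `loghost.example.com`, the paths, the key file and the `LOGSHIP_RUN` switch are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: ship rotated httpd logs to one collection host over scp.
# Intended for root's crontab on each web server. Assumed names (not from
# the thread): loguser, loghost.example.com, /srv/weblogs, the key path.
LOG_DIR="${LOG_DIR:-/var/log/httpd}"
STATE_DIR="${STATE_DIR:-/var/lib/logship}"
DEST="${DEST:-loguser@loghost.example.com:/srv/weblogs}"
KEY="${KEY:-/root/.ssh/logship_ed25519}"
SCP="${SCP:-scp}"

# Content-based id (CRC-size), so access_log.1 is recognised as a new file
# after the next rotation even though its name is reused.
log_id() { cksum < "$1" | tr ' ' '-'; }

# Print rotated logs that have not been shipped yet. The glob needs at least
# one character after "_log", which skips the live files httpd still writes.
pending_logs() {
    for f in "$LOG_DIR"/*_log?*; do
        [ -f "$f" ] || continue
        [ -e "$STATE_DIR/$(log_id "$f").sent" ] && continue
        printf '%s\n' "$f"
    done
}

ship_logs() {
    mkdir -p "$STATE_DIR" || return 1
    host=$(uname -n)
    pending_logs | while IFS= read -r f; do
        id=$(log_id "$f")
        # BatchMode=yes: fail instead of prompting, so cron never hangs.
        # IdentitiesOnly=yes: offer only the dedicated key given with -i.
        if "$SCP" -q -o BatchMode=yes -o IdentitiesOnly=yes -i "$KEY" \
                "$f" "$DEST/$host.$id.$(basename "$f")"; then
            : > "$STATE_DIR/$id.sent"
        else
            echo "logship: copy failed, will retry: $f" >&2
        fi
    done
}

# Hypothetical switch: the cron entry sets LOGSHIP_RUN=1 to do the transfer.
if [ "${LOGSHIP_RUN:-0}" = 1 ]; then ship_logs; fi
```

The key used here has no passphrase, so it should be readable only by root on the web server, and the receiving account needs write access to the destination directory and nothing else.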