I am running a clean Ubuntu server and got Apache working.
I noticed that the Apache access and error logs were owned by root:
-rw-r----- 1 root adm 10531 Oct 11 00:43 access.log
-rw-r----- 1 root adm 58839 Oct 11 00:43 error.log
I was just wondering how Apache actually writes out to the log if it is only writable by root.
Is it using syslog by default?
Thanks!
Hmmmm... from what I can tell, once a file is opened, changes in the permissions do not matter. Access controls are not rechecked at each read/write done once a file is open.
Thus what I think happens is this: the top-level Apache server runs as root (so that it can open port 80) and it opens the log files as well. When starting a server sub-process, it probably does a fork(), which copies the open file descriptors to the new sub-process (i.e. the log file descriptors among a couple of others), and thus the sub-processes can write to the log files even though they are not root; it then changes the sub-process UID to whatever is requested.
The Apache server is initially started as root; it then creates separate threads running as a less privileged (usually www-data) user in order to serve content. The main Apache process can write to those files since it still runs as root.
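
The descriptor-inheritance behaviour described in the fork() answer above can be checked directly. This is an added example, not code from the thread or from Apache: the temp file stands in for access.log, `inherited_fd_demo` is a hypothetical name, and uid/gid 65534 is assumed to be the unprivileged "nobody" account when the program is started as root.

```c
/* Added example: an inherited fd keeps working after chmod and a UID drop. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNPRIV_ID 65534  /* assumption: conventional "nobody" uid/gid */

/* Returns 0 if the child wrote through the inherited fd AND a fresh
 * open() of the same path was refused with EACCES; nonzero otherwise. */
int inherited_fd_demo(void)
{
    char path[] = "/tmp/fd_demo_XXXXXX";   /* constructed stand-in for access.log */
    int fd = mkstemp(path);                /* parent opens the "log" for writing */
    if (fd < 0) return 10;
    if (fchmod(fd, 0400) != 0) return 11;  /* read-only on disk, even for the owner */

    pid_t pid = fork();                    /* child receives a copy of fd */
    if (pid < 0) return 12;
    if (pid == 0) {
        /* If started as root, drop privileges the way a worker would. */
        if (geteuid() == 0 && (setgid(UNPRIV_ID) != 0 || setuid(UNPRIV_ID) != 0))
            _exit(20);
        const char line[] = "written by child via inherited fd\n";
        if (write(fd, line, sizeof line - 1) != (ssize_t)(sizeof line - 1))
            _exit(21);                     /* no permission check happens on write() */
        int fd2 = open(path, O_WRONLY | O_APPEND);
        if (fd2 >= 0) _exit(22);           /* a new open() is checked and must fail */
        _exit(errno == EACCES ? 0 : 23);
    }

    int status = 0;
    waitpid(pid, &status, 0);
    off_t size = lseek(fd, 0, SEEK_END);   /* parent sees the bytes the child wrote */
    close(fd);
    unlink(path);
    if (!WIFEXITED(status)) return 13;
    if (WEXITSTATUS(status) != 0) return WEXITSTATUS(status);
    return size > 0 ? 0 : 14;
}

int main(void)
{
    int rc = inherited_fd_demo();
    printf("result: %d (0 = inherited write ok, fresh open denied)\n", rc);
    return rc;
}
```

The same property is why a privilege drop alone does not revoke access: any descriptor left open across fork() or exec() remains usable, so sensitive descriptors should be closed or marked `O_CLOEXEC` before handing control to less trusted code.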