Home / server / Questions / 998153
Accepted
klor
Asked: 2020-01-09 10:05:02 +0800 CST

openSUSE: "Permission denied" error on Cron log file

  • 772

using: openSUSE Leap 42.2

/etc/cron.d/mysite file content:

* * * * * wwwrun /usr/bin/php /srv/www/mysite/cron.php >> /var/log/apache2/mysite.cron 2>&1

/etc/cron.d/ dir content:

/etc/cron.d # ls -ls
total 12
4 -rw------- 1 root root 142 May  7  2018 autologout
4 -rw-r--r-- 1 root root 289 Jan  8 14:33 mysite
4 -rw------- 1 root root 369 May  7  2018 seccheck

mail message:

Message 103:
From [email protected]  Wed Jan  8 18:52:01 2020
X-Original-To: wwwrun
Delivered-To: [email protected]
From: "(Cron Daemon)" <[email protected]>
To: [email protected]
Subject: Cron <wwwrun@mysite1> /usr/bin/php /srv/www/mysite/cron.php >> /var/log/apache2/mysite.cron 2>&1
Content-Type: text/plain; charset=UTF-8
Auto-Submitted: auto-generated
Precedence: bulk
X-Cron-Env: <XDG_SESSION_ID=312343>
X-Cron-Env: <XDG_RUNTIME_DIR=/run/user/11>
X-Cron-Env: <LC_CTYPE=en_US.UTF-8>
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/var/lib/wwwrun>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=wwwrun>
X-Cron-Env: <USER=wwwrun>
Date: Wed,  8 Jan 2020 18:52:01 +0100 (CET)

/bin/sh: /var/log/apache2/mysite.cron: Permission denied

mysite.cron log file

ls -la /var/log/apache2/mysite.cron
-rw-rw-rw- 1 wwwrun www 953 Jan  8 14:08 /var/log/apache2/mysite.cron

How to fix this?

Executing 

/usr/bin/php /srv/www/mysite/cron.php >> /var/log/apache2/mysite.cron 2>&1

from terminal as root, executes well, without permission error.

cron

1 Answers

  1. Best Answer

    You'll need traverse rights (the e'x'ecute bit on a directory) on /var, /var/log, and /var/log/apache2

    ls -ld /var/log/apache2
chmod a+x /var/log/apache2    # allow anyone to 'search' in the directory
ls -ld /var/log/apache2

    'search' is not 'read'... its may also be called 'traverse'. It grants the ability to access directory content and meta-information if its name is known, but not list files inside the directory unless 'read' is set also. (ref: https://en.wikipedia.org/wiki/File_system_permissions)

    I strike this sort of problem commonly on Red Hat systems too, where /var/log/httpd/ permissions don't allow log-shippers (eg. nxlog, fluentd, filebeat, all running as various users) to access the web logs.

    You'll want to make sure that you manage the permissions of /var/log/apache2 using a configuration management system, as otherwise you might find that the permissions get reverted when you apply RPM updates.

    • 1