This means that the permissions on those subdirectories do not match the user that Apache is running as. For example, if Apache is running as the user "apache", those directories must be owned by apache.
Important note: If you are using an Apache module that changes the user that Apache runs as on the fly, then those directories must be writable by all users. Using modules that require you to set these directories as world-writable and world-readable is a serious security vulnerability and should not be done. It allows all users on the system to change these logs, and to see both the logs and the payloads of all other users on the system.
Some modules, for example mod_ruid2, write logs as the user for that instance, but set permissions on subdirectories such that other users cannot write to or read from them.
The most secure option is for these directories to be writable and readable only by a trusted user, and not by general users on the system.
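One way to check a log directory tree for the conditions described above. This is an added example, not part of the original article: the function names, the output labels, and the LOG_ROOT and APACHE_USER arguments are assumptions to replace with your own values.

```shell
#!/bin/sh
# Added example. LOG_ROOT and APACHE_USER are placeholders (assumptions);
# pass the real log directory and the account Apache runs as.

# Print one line per problem found under $1, given the expected owner $2
# (a user name or a numeric uid).
audit_log_dirs() {
    root=$1
    owner=$2
    # Directories not owned by the expected account: Apache cannot use them.
    find "$root" -type d ! -user "$owner" | sed 's/^/WRONG_OWNER /'
    # "Other" write bit set: any local user can change or plant log files.
    find "$root" -type d -perm -0002 | sed 's/^/WORLD_WRITABLE /'
    # "Other" read bit set: any local user can list the logged entries.
    find "$root" -type d -perm -0004 | sed 's/^/WORLD_READABLE /'
}

# Succeed only when the tree has none of the problems above.
log_dirs_ok() {
    [ -z "$(audit_log_dirs "$1" "$2")" ]
}

# Stand-alone use: sh audit_log_dirs.sh LOG_ROOT APACHE_USER
if [ "$#" -eq 2 ]; then
    findings=$(audit_log_dirs "$1" "$2")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        exit 1
    fi
fi
```

With a module such as mod_ruid2, per-instance subdirectories are owned by other accounts, so WRONG_OWNER lines are expected there; the world-writable and world-readable findings still apply.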