>Number: 3396 >Category: suexec >Synopsis: Split suEXEC log per <VirtualHost> >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: change-request >Submitter-Id: apache >Arrival-Date: Thu Nov 12 22:20:00 PST 1998 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3 >Environment: Whatever >Description: Hello,
I wonder if it would be possible to split suEXEC logs by <VirtualHost>. I have done it the following way: 1) check earlier that target user name is valid 2) find the home directory 3) and open a user log file in a fixed sub-directory of the target user home dir. Error if the target user is not valid, if the log dir cannot be open, etc are reported in a global log file as defined by $LOG_EXEC I have made this working, it is badly written and I am not really sure how secure it is or it is not. I have a second suggestion that does not involve security at all, I think it would be better if logs could be changed so that it only generates on line per call to suEXEC. I have set up the following format: /home/sat/cgi-bin/ej-sat/feedback.cgi sat httpd [1998-11-10 14:39:15] user misma tch (suEXEC is run by sat instead of httpd) /home/sat/cgi-bin/ej-sat/feedback.cgi sat httpd [1998-11-10 14:49:51] /home/sat/cgi-bin/ej-sat/feedback.cgi sat httpd [1998-11-10 14:51:35] /home/sat/cgi-bin/ej-sat/feedback.cgi sat httpd [1998-11-10 15:00:37] /home/sat/cgi-bin/ej-sat/feedback.cgi sat httpd [1998-11-10 15:01:25] target uid /gid (200/1000) mismatch with directory (200/1000) or CGI (0/1000) First is the full pathname of the CGI called (as Apache changes directory to the one of the CGI it is about to execute, two scripts with similar name would not log under the same name) then target name and group, date and followed by blank or the error message. Only case that cannot fit is when exec fails. It should be uncommon enough not to bother solving it. This way the log file is easier to process through log analysis packages and is more consistant to read for human beings. Thanks for your attention And above all thanks for making Apache exist Olivier >How-To-Repeat: >Fix: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
