I use Virtualmin on my system. One of my colleagues screwed up permissions on the Apache log files. Files are stored under /var/log/virtualmin.
Apache is able to write to the log files well.
Users get permission denied while trying to access any log file in there.
I set the above directory, recursive, sticky to 1644. Apache is still able to write to it, but users can’t read it. See below for an example of the listing:
under /var/log:
drw-r--r-T+ 2 root root 16384 May 11 00:49 virtualmin
one file under /var/log/virtualmin
-rw-r--r-T 1 mydomain apache 1627831 May 11 01:00 mydomain.com_access_log
I am really going nuts with this. Any help will be appreciated.
It looks like you’re dealing with restrictive permissions on the /var/log/virtualmin directory and the individual log files, which is blocking users from accessing them. Here are some steps to help troubleshoot and resolve this issue.
Solution
1. Set Directory and File Permissions for Read Access: Since Apache can write to the files, we just need to enable user read access. Try setting permissions that allow read access for others:
sudo chmod -R 755 /var/log/virtualmin
This changes the directory permissions to allow read and execute access for all users (so they can list files in the directory) and ensures files are readable by others.
2. Update File Ownership and Group Permissions: If specific users or groups need read access, change the group ownership of the directory and files to a group these users belong to, and set group read permissions:
Replace yourgroup with the group that should have read access. Ensure that users needing access are members of this group.
3. Ensure ACLs (Access Control Lists) Are Set Correctly: If ACLs are in use, you may need to set additional permissions for user or group access with setfacl. For example, to allow specific users to access the log files:
Replace username with the actual username. This approach can be used for a group as well by substituting u: with g: and the group name.
4. Remove the Sticky Bit (If Necessary): The sticky bit (T in permissions) may be restrictive in this case, as it can prevent users from reading or modifying files unless they’re the owner. Removing it might help:
sudo chmod -R -t /var/log/virtualmin
After trying these adjustments, verify if the users can access the files. If not, double-check group memberships or any additional security policies (e.g., SELinux or AppArmor) that may be restricting access.
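A way to see which path component is denying the read, given as an added example that is not part of the original answer: it applies the classic owner/group/other mode-bit check to each component of the path, using the two entries from the listing in the question. The numeric uid/gid values and the function names are assumptions, and the parent directories above /var/log/virtualmin are assumed to be searchable.

```python
import os
import stat

def first_denial(chain, uid, gids):
    """Return (path, reason) for the first component blocking a read, else None.

    chain: (path, mode, owner_uid, owner_gid) tuples, top directory first.
    Only classic mode bits are evaluated; ACLs, SELinux and AppArmor are not.
    """
    if uid == 0:
        return None  # root bypasses read/search checks on files and directories
    for path, mode, o_uid, o_gid in chain:
        # Exactly one class applies: owner, else group, else other (no fall-through).
        if uid == o_uid:
            bits = (mode >> 6) & 7
        elif o_gid in gids:
            bits = (mode >> 3) & 7
        else:
            bits = mode & 7
        if stat.S_ISDIR(mode):
            if not bits & 1:
                return (path, "directory lacks search (x) permission")
        elif not bits & 4:
            return (path, "file lacks read (r) permission")
    return None

def stat_chain(target):
    """Build the chain for a real path; run as root so every component can be stat'ed."""
    parts, cur = [], os.path.abspath(target)
    while True:
        parts.append(cur)
        parent = os.path.dirname(cur)
        if parent == cur:
            break
        cur = parent
    chain = []
    for p in reversed(parts):
        st = os.stat(p)
        chain.append((p, st.st_mode, st.st_uid, st.st_gid))
    return chain

# Constructed sample mirroring the ls output in the question; ids are assumed values.
MYDOMAIN_UID, MYDOMAIN_GID, APACHE_GID = 1001, 1001, 48
LISTING = [
    ("/var/log/virtualmin", stat.S_IFDIR | 0o1644, 0, 0),  # drw-r--r-T root root
    ("/var/log/virtualmin/mydomain.com_access_log",
     stat.S_IFREG | 0o1644, MYDOMAIN_UID, APACHE_GID),     # -rw-r--r-T mydomain apache
]

if __name__ == "__main__":
    print(first_denial(LISTING, MYDOMAIN_UID, {MYDOMAIN_GID}))
```

On a live system, `first_denial(stat_chain(path), uid, gids)` run as root gives the same check against the real modes; an entry showing `+` in `ls -l` also carries an ACL, which `getfacl` displays and this check does not evaluate.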