Loading...

Change ownership of log files

I configured awstats to use the logs of proftpd to analyze the traffic (uploads and downloads). To process the log file, the log analyzer needs file permission to read the log file. Changing the permission for others for read is a quick solution, but also regarding security a bad solution. To solve this, I put the analyzer to a group that has permission to process the log file.

To change this we take a look at the proftpd.conf for logrotate in /etc/logrotate.d. As default, proftpd creates log files with user root and group adm.

/var/log/proftpd/proftpd.log
/var/log/proftpd/controls.log
{
        weekly
        missingok
        rotate 7
        compress
        delaycompress
        notifempty
        create 640 root adm
        sharedscripts
        postrotate
                # reload could be not sufficient for all logs, a restart is safer
                invoke-rc.d proftpd restart 2>/dev/null >/dev/null || true
        endscript
}
/var/log/proftpd/xferlog
/var/log/proftpd/xferreport
{
        monthly
        missingok
        rotate 7
        compress
        delaycompress
        notifempty
        create 640 root adm
        sharedscripts
        prerotate
        endscript
        postrotate
                # reload could be not sufficient for all logs, a restart is safer
                invoke-rc.d proftpd restart 2>/dev/null >/dev/null || true
                # run ftpstats on past transfer log
                ftpstats -a -r -l 2 -d -h -f /var/log/proftpd/xferlog.0 2>/dev/null >/var/log/proftpd/xferreport || true
        endscript
}

The entry create 640 root adm is responsible for creating the log files with file permission set 640 for chmod. Replace the group adm with your group name, and the awstats analyzer will be capable to read it.