Score:2

Allow users to create and write to a log folder

Tom

I'm using Exim4 to run PHP scripts when an email is received.

This script should create a file in the /var/log/myapp folder if it doesn't exist, otherwise it should just read the file and add more content to the log.

I performed some tests applying the 777 permission on the folder and I saw that the user used by Exim4 is nobody.

However, in some cases my administrative user (e.g. bob) can manually run the PHP file via the PHP CLI and also use these log files.

I ran the commands below to add my user and nobody so that both can write to the folder, but only my user can create files; 'nobody' can't.

sudo groupadd eximapplog

sudo usermod -a -G eximapplog bob
sudo usermod -a -G eximapplog nobody

sudo chgrp -R eximapplog /var/log/myapp
sudo chmod g+rwx /var/log/myapp

sudo chmod -R 775 /var/log/myapp

What could I be doing wrong?

Score:2

I think the error comes from the difference in permission levels between your user (bob) and the "nobody" user.

Let's try to adjust the PHP script or Exim4 configuration so that it runs as a specific, non-root user.

First we create a new user and a new group.

sudo adduser eximappuser
sudo groupadd eximappgroup

Then we add eximappuser and bob to our new group

sudo usermod -a -G eximappgroup eximappuser
sudo usermod -a -G eximappgroup bob

We change the owner rights

sudo chown -R eximappuser:eximappgroup /var/log/myapp

Then we change the rights of /var/log/myapp to allow the owner and the group to read, write, and execute

Then you are going to have to configure Exim4 or the PHP script to run as 'eximappuser' instead of 'nobody'.
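
The checks behind a shared log directory like this one, as an added example that is not part of the original question or answer: a shell audit of the directory mode, the existing log files, and the groups a running process actually holds. It goes beyond the answer by covering setgid and umask; the function names and the scratch directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a shared log directory such as /var/log/myapp.
# Function names and the scratch directory are constructed for illustration.

# Report mode problems for "one group writes, nobody else does".
dir_findings() {
    [ -d "$1" ] || return 2
    perms=$(ls -ld "$1")
    out=""
    # 9th character of the mode string: write bit for "other" (the 777 case).
    case $perms in ????????w*) out="$out world-writable" ;; esac
    # 6th character: group write bit, needed to create files in the directory.
    case $perms in ?????w*) ;; *) out="$out no-group-write" ;; esac
    # Without setgid, new files get the creator's primary group instead.
    [ -g "$1" ] || out="$out no-setgid"
    echo "${out:- ok}" | cut -c2-
}

# Files the shared group cannot append to, e.g. created under umask 022.
files_not_group_writable() {
    find "$1" -type f ! -perm -020
}

# Group IDs a running process really holds (Linux /proc): effective gid plus
# supplementary groups. Compare with `id -G <user>` for the account.
proc_gids() {
    awk '/^Gid:/ {print $3} /^Groups:/ {for (i = 2; i <= NF; i++) print $i}' \
        "/proc/$1/status" | sort -un
}

# Demo on a scratch directory, so no root is needed.
demo() {
    d=$(mktemp -d) || return 1
    chmod 0777 "$d"; chmod g-s "$d"
    echo "777:  $(dir_findings "$d")"
    chmod 0775 "$d"
    echo "775:  $(dir_findings "$d")"
    chmod 2775 "$d"
    echo "2775: $(dir_findings "$d")"
    (umask 022; : > "$d/made-with-022.log")
    (umask 002; : > "$d/made-with-002.log")
    echo "not group-writable: $(files_not_group_writable "$d")"
    rm -rf "$d"
}
demo
```

Run `dir_findings /var/log/myapp` and compare `proc_gids <pid>` for the delivery process with `id -G` for its account: a group added with usermod reaches only processes started afterwards. Exim calls initgroups() for a delivery process only when the `initgroups` option is set on the router or transport that supplies the uid.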
