[Pkg-awstats-devel] Bug#396452: Bug#396452: Run cron script under root.

George Zarkadas georgios.zarkadas at gmail.com
Mon Feb 14 19:27:41 UTC 2011 

Package: awstats
Version: 6.9~dfsg-1
Severity: normal

Hi, I use the ubuntu 9.10 distribution, which looking at the debian
package's changelog should correspond to 6.9~dfsg-1 sources and faced
the same problem.

The workaround I have deviced to provide access to apache2 logs without
running awstats as root, nor making the logs accessible to everyone is
to:

1. Use a special user for the cron job that has the right to read the
logs (ie belongs to the adm group). I was reluctant to create a new user
myself, in fear of having a possible future conflict if I installed a
package, so I chose `logcheck' which was already there; but the
principle is the same for a brand new one also (to avoid a dependency).

2. Change ownership and permissions of awstats datadir (/var/lib/awstats
in my case) to:

user: logcheck
group: www-data
perms: rwxr-s---

That way any log analyses created by the special cron job user (logcheck
in my case) are available to awstats.pl cgi script for reading.

I also changed the cron job, to allow it work both with the recommended
by upstream authors way of managing multiple virtual hosts (create an
awstats.virtualhostname.conf file) and the previous assumption that
awstats.conf itself is customised. 

The modified `/etc/cron.d/awstats' script (the interesting part is the
command) is included below:

----------------------------------------------------------------------
0,10,20,30,40,50 * * * * logcheck [ -x /usr/lib/cgi-bin/awstats.pl -a
-d /etc/awstats -a -r /var/log/apache2/access.log ] && ( umask 022 ;
ls /etc/awstats/awstats*.conf | sed -e 's_/etc/awstats/__' -e 's/.conf
$//' -e 's_^\(awstats\.\)\(.*\)$_\2_' | xargs -I '@' --max-args=1
--no-run-if-empty /usr/lib/cgi-bin/awstats.pl -config=@ -update
>/dev/null ) 
----------------------------------------------------------------------

The later does not directly associate with the log access problem, but
it is IMHO a nice default to have.

I hope the above will be useful.

regards
George Zarkadas

More information about the Pkg-awstats-devel mailing list