retitle 396452 facilitate awstats access to log files severity 396452 wishlist thanks
> Excuse me. > > from README.Debian: > > ... > > This all require manual setup after install awstats. Okay. This is making more sense now. ;-) In fact, I think that your fundamental request is that we simplify this process, which is certainly fair to ask for. > Running cron script under root solve this problem too. Cron script will > read apache log files with default root rights and write to awstats > database with www-data rights, visible to cgi script. And this will not > require manual setup after installation. Remember that awstats can also be accessed as a cgi script, so only changing the cron script is only a partial solution. > >In general, running scripts as root should be avoided as that is itself > >a security problem. > > I don't see any security hole in running cron script (not cgi) under > root, because only root can change cron script or it's parameters. The problem is now you are now giving awstats root access to your entire machine, which should really be avoided if at all possible. The whole point of user and group privileges is to prevent unauthorized access to private information. You are putting a lot of trust in awstats by running it as root, and it should be avoided if at all possible (and it is possible in this case). That said, your high-level request is still applicible: we should explore ways to simplify the installation process such that manual user intervention is not required. Thanks for the report. Charles -- Thrifty jars for Stay at homes Handy tubes For him Who roams Burma-Shave http://burma-shave.org/jingles/1963/thrifty_jars_for
signature.asc
Description: Digital signature