On 12/25/23 9:55 AM, MIIM via dev wrote:
> 
> I apologize in advance for posting this question to the development
> forum, but unfortunately the modules-development list is dead
> according to the list server.
> 
> 
> I have a module attempting to write a log file --
> not one of the Apache log files -- for its own use.
> 
> I adopted the code from a similar module which uses
> it to open-for-read a whitelist file in the default
> configuration directory; it works in that module.
> 
> When opening for create-or-append a permissions
> failure occurs. The module reports the error as follows:
> 
> 
> Dec 24 22:11:58  mod_botlist: logfile </var/log/apache/>
> Dec 24 22:11:58  mod_botlist: Log file </var/log/apache/robots.log>
> Dec 24 22:11:58  mod_botlist: Error opening log file </var/log/apache/robots.log>
> 
> 
> Protection for the /var/log/apache directory is the default.
> This is the directory where Apache keeps its log files:
> 
> 
> /var/log ...
> drwxr-xr-x 2 root root   4096 Dec 24 22:11 apache
> 
> 
> The code for the file open is below.  The module gets
> through the stat checking section but fails to open
> the (nonexistent at the first request) file for append.
> 
> 
> /* Stat a possibly existing file in case there's a problem */
> 
>   errno = 0;
>   logstat = stat(logfilename, &statdata);
>   if ( (logstat < 0) && (errno != ENOENT) ) {
>     filerr = errno;
>     ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r,
>                   "mod_botlist: Error on log file <%s>",
>                   logfilename);
>     ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r,
>                   "             %s",
>                   strerror(filerr));
>     bl_unlock_mutex(r, bl_scfg);
>     return DECLINED;
>   }
> 
>   /* Open the file for append, or if none, create it */
> 
>   errno = 0;
>   logfile = fopen(logfilename, "a+");
>   /* fopen() signals failure by returning NULL; errno is only meaningful then */
>   if (logfile == NULL) {
>     filerr = errno;
>     ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r,
>                   "mod_botlist: Error opening log file <%s>",
>                   logfilename);
>     ap_log_rerror(APLOG_MARK, APLOG_NOTICE, 0, r,
>                   "             %s",
>                   strerror(filerr));
>     bl_unlock_mutex(r, bl_scfg);
>     return DECLINED;
>   }
> 
> 
> 1)  Is this problem due to the core giving up its privilege
>     after the individual servers are started?  Clearly some
>     part of the server had enough privilege to create those
>     files.

It depends in which phase you try to open the logfile whether the privileges
have already been dropped. I cannot tell this from the code snippets above.
Apart from this it is advisable to use the respective functions from the APR
library instead of the POSIX / stdio.h functions above as this keeps the
module much more portable.

Another test that you can do is to write your logfile to a directory where
everyone can write (e.g. /tmp). Then you can see which user owns the file and
if it is the user specified via the User directive.

Regards

Rüdiger
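
The ownership test suggested in the reply above, as an added example that is not part of the original thread or of mod_botlist: it creates-or-appends a file, decides failure from the return value rather than from errno, and reports the effective uid next to the owner of the resulting file. It is written in plain POSIX so it builds without the httpd/APR headers; `probe_log_file`, `struct log_probe` and the `/tmp/robots-probe.log` path are hypothetical names chosen for the example.

```c
#define _POSIX_C_SOURCE 200809L  /* exposes O_NOFOLLOW under strict -std= modes */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result record for this example; not part of mod_botlist. */
struct log_probe {
    int   err;    /* 0 on success, otherwise errno of the failing call */
    uid_t euid;   /* effective uid of the calling process */
    uid_t owner;  /* uid that owns the file (valid only when err == 0) */
};

/* Create-or-append `path` and record who we are and who owns the file.
 * Failure is decided by the return value; errno is read only afterwards. */
static struct log_probe probe_log_file(const char *path)
{
    struct log_probe p = { 0, geteuid(), (uid_t)-1 };
    struct stat st;

    /* O_NOFOLLOW: refuse to write through a symlink left in a shared directory. */
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0640);
    if (fd < 0) {
        p.err = errno;
        return p;
    }
    if (fstat(fd, &st) < 0)
        p.err = errno;
    else
        p.owner = st.st_uid;
    close(fd);
    return p;
}

int main(int argc, char **argv)
{
    /* Constructed default path in a world-writable directory. */
    const char *path = argc > 1 ? argv[1] : "/tmp/robots-probe.log";
    struct log_probe p = probe_log_file(path);
    if (p.err != 0) {
        fprintf(stderr, "open <%s> as uid %ld failed: %s\n",
                path, (long)p.euid, strerror(p.err));
        return 1;
    }
    printf("<%s> opened as uid %ld, file owner uid %ld\n",
           path, (long)p.euid, (long)p.owner);
    return 0;
}
```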
