Script access to logs

[liquorvicar]

A client of mine needs to be able to access the web logs on a per-domain basis via a script. What's the best way to achieve this? If I change the permissions on the /home/httpd/vhosts/domain.com/statistics/logs/ dir, will the changes get overwritten when the logs are rotated? Could I just set up symlinks to the log files, would it matter that the target logs are owned by root?
TIA

 

[Hedgren]

AFAIK, when logs are rotated, permissions to the "logs" dir are not changed.
But what kind of script do you mean exactly -- a shell script, a PHP script, etc.?
As far as I can see, Apache for example, is already a member of 'psaserv' group, so it actually can access these logs:
-bash-3.1# ls -ld vhosts/pets-detective.org/statistics/logs/
drwxr-x--- 2 root psaserv 4096 Nov 16 04:59 vhosts/pets-detective.org/statistics/logs/
-bash-3.1# ls -ld vhosts/pets-detective.org/statistics/
dr-xr-x--- 7 root psaserv 4096 Nov 15 18:40 vhosts/pets-detective.org/statistics/
-bash-3.1# grep psaserv /etc/group
psaserv:x:2523:apache,psaftp,psaadm
Of course, you could extend these permissions even more, but that would be quite insecure. And there is one more thing which requires your attention -- you'd also need to create a new
virtual host in Apache configuration to provide access to the DocumentRoot of the statistics/logs (if this is PHP script, for example). Because what you currently have is only smth. like this:
-bash-3.1# grep DocumentRoot /home/httpd/vhosts/pets-detective.org/conf/httpd.include
DocumentRoot /home/httpd/vhosts/pets-detective.org/httpdocs
Hope this helps a byte.

 

[liquorvicar]

Thanks for your response. I did experiment in the end and worked out that the log rotation doesn't change the permissions which is exactly what I needed.

The script is being run from cron so it's being run as the actual user and not apache, which was the problem. Got it sorted now.
Ta