/etc/cron.d/awstats: wrong user for cron job

Bug #1252467 reported by Thomas Dreibholz
42
This bug affects 7 people
Affects Status Importance Assigned to Milestone
awstats (Debian)
New
Unknown
awstats (Ubuntu)
Undecided
Unassigned

Bug Description

/etc/cron.d/awstats runs the statistics generation cron job with user "www-data". The cron job needs to access /var/log/apache2/access.log.

$ ls -al /var/log/apache2/access.log
-rw-r----- 1 root adm 342337 Nov 18 21:36 /var/log/apache2/access.log

$ sudo -u www-data cat /var/log/apache2/access.log
cat: /var/log/apache2/access.log: Permission denied

That is, www-data does not have the permission to access the log file. Therefore, the user in /etc/cron.d/awstats needs to be "root" or -- probably better -- the log files of apache have to be written with permission to be read by www-data. The current default configuration -- also tested with the development version of Ubuntu 14.04 -- does not work.

ProblemType: Bug
DistroRelease: Ubuntu 13.10
Package: awstats (not installed)
ProcVersionSignature: Ubuntu 3.11.0-13.20-generic 3.11.6
Uname: Linux 3.11.0-13-generic x86_64
ApportVersion: 2.12.5-0ubuntu2.1
Architecture: amd64
Date: Mon Nov 18 21:35:19 2013
InstallationDate: Installed on 2013-10-18 (31 days ago)
InstallationMedia: Ubuntu-Server 13.10 "Saucy Salamander" - Release amd64 (20131016)
MarkForUpload: True
SourcePackage: awstats
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Thomas Dreibholz (dreibh) wrote :
Revision history for this message
Matthijs van Wageningen (matthys70) wrote :

I can confirm this problem and wonder if there is any 'real' solution ?

After upgrading to 13.10 there was no problem, until log rotate.
Previous files had 644 for root:adm, now 640 for root:adm
The cron-job for awstats runs as www-data as mention above.

This cause error message when job runs:
Error while processing /etc/awstats/awstats.conf
Create/Update database for config "/etc/awstats/awstats.conf" by AWStats version 7.1.1 (build 1.989)
From data in log file "/var/log/apache2/access.log"...
Error: Couldn't open server log file "/var/log/apache2/access.log" : Permission denied
Setup ('/etc/awstats/awstats.conf' file, web server or permissions) may be wrong.
Check config file, permissions and AWStats documentation (in 'docs' directory).

$ cat /etc/cron.d/awstats
MAILTO=root

*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh

# Generate static reports:
10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in awstats (Ubuntu):
status: New → Confirmed
Revision history for this message
Matthijs van Wageningen (matthys70) wrote :

Problem seems a change in new dist logrotate for Apache2 (/etc/logrotate.d/apache2):

I change this line:
create 640 root adm
Into:
create 644 root adm

As this was the default in my previous version of /etc/logrotate.d/apache2

Revision history for this message
Eero (eero+launchpad) wrote :

Still an issue in 14.04.

Revision history for this message
Mike Robinson (launchpad-multiwebinc) wrote :

Either running the cron job as root or allowing www-data to read the apache log files are bad ideas. Instead you want to create a new user and add it to the www-data and adm groups and make the cron job execute as that user. I called mine "awstats":

useradd awstats && usermod -a -G www-data awstats && usermod -a -G adm awstats

Seems to work like a charm.

Revision history for this message
Marius Gedminas (mgedmin) wrote :
Changed in awstats (Debian):
status: Unknown → New
Revision history for this message
canaaerus (post6665) wrote :

I encountered this bug when updating from 14.04 to 16.04.
I started with Mike’s work-around, but had to change it a bit.

First of all the awstats user is created with a new dedicated group awstats, which I did not want. So I used:

useradd -g www-data -G adm awstats

I also had to allow awstats to create new files:

chown -R awstats:www-data /var/lib/awstats

Nish Aravamudan (nacc)
Changed in awstats (Ubuntu):
status: Confirmed → Triaged
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.