Why is my “appuser” not allowed to read an apache2 log although the user has group adm?

I already found some solutions here: AWStats: cannot access /var/log/apache2/access.log, but these are "hammer-methods", like changing ownership and so on. I do not like them.



I want to understand what is going on (then I will probably use one of these hammers).



What is the scenario: I have a user "myapp" (in my case the user my Rails app uses).



myapp@myapp-pre ~/appdir$ id
uid=1000(myapp) gid=100(users) groups=100(users),4(adm),27(sudo)


As you can see, the user has group "adm". Let's take a look at the log file:



myapp@myapp-pre ~/appdir$ sudo ls -l /var/log/apache2/error.log
-rw-r----- 1 root adm 17503 Apr 28 17:05 /var/log/apache2/error.log


Here we see that error.log belongs to root:adm - root(rw) - adm(r)



But not "sudoed":



myapp@myapp-pre ~/appdir$ ls -l /var/log/apache2/error.log
ls: cannot access /var/log/apache2/error.log: Permission denied


If I take a look at the parent directory:



myapp@myapp-pre ~/appdir$ ls -l /var/log



...
-rw-r--r-- 1 root root 347 May 26 2017 alternatives.log.7.gz
-rw-r--r-- 1 root root 419 Mar 14 2017 alternatives.log.8.gz
-rw-r--r-- 1 root root 369 Feb 14 2017 alternatives.log.9.gz
dr-xr--r-T 2 root adm 4096 Apr 28 06:05 apache2
-rw-r----- 1 root adm 4013282 Apr 28 17:22 auth.log
-rw-r----- 1 root adm 4467467 Apr 23 06:05 auth.log.1
-rw-r----- 1 root adm 269469 Apr 15 06:05 auth.log.2.gz
...


I see that many files have the same root:adm permissions, and user myapp can read them.



An attempt to just read the file:



myapp@myapp-pre ~/appdir$ cat /var/log/apache2/error.log
cat: /var/log/apache2/error.log: Permission denied


Same result ...



So why is my user "myapp" not allowed to read?







      asked Apr 28 at 14:54









      halfbit
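An added diagnostic, not part of the original post: opening a file needs search (x) permission on every directory in its path, and only the first matching class (owner, then group, then other) is consulted. The sketch below applies that rule to the mode strings from the listings above; the modes of /, /var and /var/log are assumptions (they are not shown in the question), and the function names are hypothetical.

```shell
#!/bin/sh
# "mode owner group path" per path component. The last two lines are copied
# from the question's listings; the first three are assumed defaults.
COMPONENTS='drwxr-xr-x root root /
drwxr-xr-x root root /var
drwxr-xr-x root root /var/log
dr-xr--r-T root adm /var/log/apache2
-rw-r----- root adm /var/log/apache2/error.log'

# Print the rwx triad that applies to the user: owner triad if the user owns
# the entry, else group triad if one of the user's groups matches, else other.
triad_for() {  # mode owner group user "group1 group2 ..."
    local g
    if [ "$4" = "$2" ]; then printf '%s\n' "$1" | cut -c2-4; return; fi
    for g in $5; do
        if [ "$g" = "$3" ]; then printf '%s\n' "$1" | cut -c5-7; return; fi
    done
    printf '%s\n' "$1" | cut -c8-10
}

# Walk the path and print the first component that blocks access, or "ok".
# Directories need search (x; lowercase s/t also imply x, uppercase S/T do
# not); the final file needs read.
first_denial() {  # user "group1 group2 ..."
    local mode owner group path t
    # root bypasses these checks, which is why the sudo'ed ls succeeds.
    [ "$1" = root ] && { echo ok; return; }
    while read -r mode owner group path; do
        t=$(triad_for "$mode" "$owner" "$group" "$1" "$2")
        case $mode in
            d*) case $t in ??[xst]) ;; *) echo "$path: '$t' lacks search (x)"; return ;; esac ;;
            *)  case $t in r??) ;; *) echo "$path: '$t' lacks read (r)"; return ;; esac ;;
        esac
    done <<EOF
$COMPONENTS
EOF
    echo ok
}

# The user and groups from the `id` output in the question.
first_denial myapp 'users adm sudo'
```

On a live system, `namei -l /var/log/apache2/error.log` prints the owner, group and mode of each path component, which is the input this check works from.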
