What are correct permissions for Linux Apache2 PHP 5.3 log file?

Question

I discovered the reason why I was not getting entries into my php_errors.log file related to permissions. Right now, I have set it to 666 (rw-rw-rw-) but surely this is a security weakness? Thus, my question.

php.ini file: error_log /var/log/httpd/php_errors.log log_errors On

# ls -ld /var/log /var/log/httpd /var/log/httpd/php_errors.log
drwxr-xr-x 6 root     root     4096 Jun 21 03:32 /var/log
drwxr-xr-x 2 ec2-user ec2-user 4096 Jun 22 10:16 /var/log/httpd
-rw-rw-rw- 1 ec2-user ec2-user   63 Jun 22 10:33 /var/log/httpd/php_errors.log

(Many thanks in advance)

chown the file to the Apache user and you can do something like 640 or 600 - there are actually very few circumstances where you ever need to grant any permissions to "nobody". Your file appears to be outside of the docroot - so it should never be accessible over HTTP, so that's fine. — CD001

Loïc Loïc · Accepted Answer · 2015-06-22T10:46:11

I'd simply set its owner to apache user.

This will give you the name of apache user :

ps aux | grep httpd

In my case (CentOS), it's 'apache' but sometimes it's 'www-data'...

chown apache:apache /var/log/httpd/php_errors.log
chmod 600 /var/log/httpd/php_errors.log

What are correct permissions for Linux Apache2 PHP 5.3 log file?

1 Answers