--- Don Russell <fedora@xxxxxxxxxxxxxxxxxxxxx> wrote:
> I just installed mrtg 2.13.2 on FC5 and noticed the sample config file
> in /etc/mrtg/mrtg.cfg
>
> This file has LogDir defined as /var/lib/mrtg
>
> I suppose it doesn't really matter... but is that an error/typo?
> Shouldn't logs be kept in /var/log/... ?
>
> I was going to Bugzilla this, but thought I'd get some other opinions
> first. :-)
>
I agree that it makes more sense to put the log in /var/log. However,
I also tend to use the software defaults. The theory being that if
some other admin comes in behind me it'll be easier to find things.
In considering whether to change this or not, what other stuff is
included in /var/lib/mrtg? If there's other stuff there it might be
good to have mrtg stuff in one place.
When I was configuring Apache httpd setups, I at first would change
the logging from /usr/local/apache/logs to /var/log/apache. But after
awhile, I left the defaults in place, because it was actually more
convenient to have all of Apache in one place, especially if you have
a test version on the same box.
In the case of mrtg, it looks like you'll have conflicts if you put 2
mrtg's on the same machine with the defaults. So the apache reasoning
doesn't apply. And of course, there's no one right answer.
> Part 2: (The fun part) :-)
>
> I created a new userid (mrtg) and created a little script to run
> cfgmaker and indexmaker, but now I don't know how to run mrtg so it can
> produce the graphs etc in /var/www/mrtg...
>
> I suppose I could run mrtg as root... but I hate running stuff as root
> if not needed.
> Or, how can I grant write permission so the mrtg user can write to
> /var/www/mrtg, but not other apache-owned files/directories?
This is the fun part!!! Regarding the problem of access to files by 2
userid's, the solution is groups. Here's one way to do it. You can
create a 3rd userid, we'll call it httpdmrtg, and by default it will
create a group by the same name. You can "chown", or change ownership
of /var/www to that user id and group, for example:
# chown -R httpmrtg:httpmrtg /var/www
and you probably want write access to the files, so
# find /var/www -type f | xargs chmod 660 # takes care of files
and for directories you want the executable bit set:
# find /var/www -type d | xargs chmod 770
You then want to place the "mrtg" and the "http" (actually by default,
apache uses the userid "nobody") as members of the group "httpdmrtg":
# gpasswd -a mrtg httpdmrtg
# gpasswd -a http httpdmrtg
You can also edit the /etc/group file to do the same thing, but using
the gpasswd command ensures that the shadow password/group files get
modified as appropriate.
Also, there's more than one way to skin a cat. You don't have to
create a third userid / group. When you create userid "mrtg", it will
have it's own group, or "httpd" will also have its own group. You can
make one a member of the other, and change the files so it's
identified with that group.
>
> Thanks,
> Don
=== Al
