On Sat, 2006-07-08 at 10:59 -0700, Al Sparks wrote: > --- Don Russell <fedora@xxxxxxxxxxxxxxxxxxxxx> wrote: > > > I just installed mrtg 2.13.2 on FC5 and noticed the sample config file > > in /etc/mrtg/mrtg.cfg > > > > This file has LogDir defined as /var/lib/mrtg > > > > I suppose it doesn't really matter... but is that an error/typo? > > Shouldn't logs be kept in /var/log/... ? > > > > I was going to Bugzilla this, but thought I'd get some other opinions > > first. :-) > > snip > > Part 2: (The fun part) :-) > > > > I created a new userid (mrtg) and created a little script to run > > cfgmaker and indexmaker, but now I don't know how to run mrtg so it can > > produce the graphs etc in /var/www/mrtg... > > > > I suppose I could run mrtg as root... but I hate running stuff as root > > if not needed. > > Or, how can I grant write permission so the mrtg user can write to > > /var/www/mrtg, but not other apache-owned files/directories? > > This is the fun part!!! Regarding the problem of access to files by 2 > userid's, the solution is groups. Here's one way to do it. You can > create a 3rd userid, we'll call it httpdmrtg, and by default it will > create a group by the same name. You can "chown", or change ownership > of /var/www to that user id and group, for example: > # chown -R httpmrtg:httpmrtg /var/www > and you probably want write access to the files, so > # find /var/www -type f | xargs chmod 660 # takes care of files > and for directories you want the executable bit set: > # find /var/www -type d | xargs chmod 770 > > You then want to place the "mrtg" and the "http" (actually by default, > apache uses the userid "nobody") as members of the group "httpdmrtg": ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Not with a default Redhat or Fedora install. Apache runs as apache:apache on every install I have done for the past several years. IIRC an install of apache from the upstream source, however, does run as nobody:nobody. > # gpasswd -a mrtg httpdmrtg > # gpasswd -a http httpdmrtg > > You can also edit the /etc/group file to do the same thing, but using > the gpasswd command ensures that the shadow password/group files get > modified as appropriate. > > Also, there's more than one way to skin a cat. You don't have to > create a third userid / group. When you create userid "mrtg", it will > have it's own group, or "httpd" will also have its own group. You can > make one a member of the other, and change the files so it's > identified with that group. > > > > > Thanks, > > Don > === Al >
