Awstats to run as User (SECURITY) * will increase User disk usage *

Version 1.51

Bugfix
Finished

Awstats will now be run as the User, and no longer as root. This requires a conversion which will increase the User's used disk space, so it's go to ensure the Users are not maxed out, or the conversion will abort. If there are any root-owned files that are 600 (not readable by the user), the copy will have issues, the diff won't exit with code 0, so the conversion would abort. Conversion will copy, as User: cp awstats awstats.user and if that worked and "diff" returns code 0. If not, everything is aborted, start are not run. Next, run as the User: mv awstats awstats.old and if that works: mv awstats.user awstats Then the tricky part, handled by DA is to delete the root owned files (awstats.old), which requires root access. DA does this very carefully, this is the task.queue command used to do it: echo "action=delete&value=secure_disposal&user=${USER}&path=${STATS_DIR}.old" >> /usr/local/directadmin/data/task.queue Related directadmin.conf option: secure_disposal=/home/.disposal *** IMPORTANT*** If you have Users on a different partition, like /home2 Because the awstats.old is simply "moved", moving cross-partition doesn't work, so you might need to clear the awstats.old folders manually, after you've confirmed the new awstats folder is computing stats correctly. ===================== You may have realized that the User does not have read permissions on their apache logs in: /var/log/httpd/domains/domain.com.log to get around this issue, the awstats_process.sh, using AWSTATS_MODE=1, will create a hardlink in: /var/user_logs/username/domain.com.log where: /var/user_logs root:root: 711 /var/user_logs/username username:username 500 /var/user_logs/user/domain.com.log root:root 644 so that the logs can be read, but not modified. The link is removed after the end of the awstats_process.sh call. If hard-links don't work for you, then you can use: AWSTATS_MODE=2 which does a full copy of each log, instead of using a hard-link. ---- Credit to Bartosz Kwitniewski for debugging and reporting the issue.

Interested to try DirectAdmin? Get a 30-day Free Trial!