On 26/1/2000 Brian May wrote:
I personally find it very difficult, if not impossible, to debug CGI scripts with out access to at least error.log, as this is where STDERR is redirected. Similarly, access to suexec_log often highlights silly mistakes with incorrect permissions, etc.
Ok, I can see that, in that case I would say perhaps the default should be ownership still set to root.adm and default permissions set to 644, and whatever log rotation scripts should preserve whatever permissions are set, so if i decide i want them 640 I don't have to hunt through a bunch of cron scripts to find which fscking one keeps undoing my change... (I understand this is solved by using logrotate instead of whatever it is that has been used before)
I suppose it might make sense to set the group to something else but I dont know what would really work.. www-data is no good since nobody should be a member of that group, adm works in some cases but all other logs are usually owned and only readable by that group so the admin may not wish to add web maintainers to group adm... I would say that group can easily be up to the local admin, just so the log rotations scripts always preserve ownership and permissions while rotating the logs.
-- Ethan Benson To obtain my PGP key: http://www.alaska.net/~erbenson/pgp/