Accessing /var/log Files in PHP



If you have tried to access a log file in /var/log using PHP on Linux, you will have seen the “Permission denied” error. This is because Apache doesn’t have read permission on the log file.

Let’s look at who has permission to access the log files: root and the program which created the file. Say the log file is “/var/log/squid/access.log”. That file’s owner and group will be “proxy”, and others won’t even have read permission on it, except **root** of course.

Since Apache is not in the proxy group, it doesn’t have permission to read or write the file. Here are 3 ways to grant Apache access to the file:

  1. Add www-data user into the proxy group
  2. Make the group of the log file www-data
  3. Change permission of log file to 0666

But if the Squid server is restarted, the log file is removed and recreated, so its permissions are reset to what they were before. Hence ways 2 and 3 are not permanent.

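You can add www-data to the proxy group with the command below. The -a flag appends the group; without it, -G replaces the user’s existing supplementary groups with the list given:

sudo usermod -a -G proxy www-data && sudo service apache2 restart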

The above command also restarts the Apache server to update its cache of file permissions or something else (I don’t know exactly why).

Note that with the above command, you give Apache all the permissions that the proxy group has, even write permission. This is not required if you just want to read the log file.

In this case, we can use the adm group (it’s not “admin”). The adm group only has read permission on some log files; the group was created specifically for reading log files. Note that in versions of Ubuntu >= 12.04, this was renamed to admin (I read it somewhere, but in Lubuntu 14.04, it’s not renamed).

Hence, it’s better to add the www-data user to the adm group (again with -a, so that its other supplementary groups are kept):

sudo usermod -a -G adm www-data && sudo service apache2 restart

Now all you have to do is change the log file’s group to adm:

sudo chown proxy:adm /var/log/squid/access.log

The owner of the log file stays proxy. In the argument, the string before “:” is the user and the one after it is the group.

In this tutorial, we used the Squid Web Server’s log file as an example. The same approach can be used for any other log file. It can also be used for other files, but be careful: you’re messing with the core of Linux.
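To compare what each option above actually grants www-data, here is an added example (not part of the original post) that evaluates the owner/group/other permission bits for a given user. The function names and the file modes 640, 660 and 666 are assumptions chosen for illustration; check the real mode of your log file with `ls -l`.

```shell
#!/bin/sh
# Added example: which access does USER get to a file with the given
# mode, owner and group? Names and modes below are constructed samples.

# access_for MODE OWNER GROUP USER "USER_GROUPS"
#   MODE        octal permission bits, e.g. 640
#   USER_GROUPS space-separated groups the user belongs to
# Prints: none | read | write | read-write
access_for() {
    mode=$1; owner=$2; group=$3; user=$4; user_groups=$5
    # root bypasses the permission bits entirely.
    if [ "$user" = root ]; then echo read-write; return 0; fi
    # Exactly one class applies: owner, else group, else other.
    shift_by=0
    if [ "$user" = "$owner" ]; then
        shift_by=6
    else
        for g in $user_groups; do
            if [ "$g" = "$group" ]; then shift_by=3; fi
        done
    fi
    bits=$(( (0$mode >> $shift_by) & 7 ))
    if [ $(( $bits & 6 )) -eq 6 ]; then echo read-write
    elif [ $(( $bits & 4 )) -ne 0 ]; then echo read
    elif [ $(( $bits & 2 )) -ne 0 ]; then echo write
    else echo none
    fi
}

# check_file FILE USER: the same check against a real file and account
# (uses GNU stat and id, as found on Ubuntu).
check_file() {
    access_for "$(stat -c %a "$1")" "$(stat -c %U "$1")" \
               "$(stat -c %G "$1")" "$2" "$(id -Gn "$2")"
}

# Constructed scenarios for a log owned by proxy (modes are assumed):
echo "untouched, proxy:proxy 640:     $(access_for 640 proxy proxy www-data 'www-data')"
echo "way 1, www-data in proxy, 660:  $(access_for 660 proxy proxy www-data 'www-data proxy')"
echo "way 3, mode 666:                $(access_for 666 proxy proxy www-data 'www-data')"
echo "adm group, proxy:adm 640:       $(access_for 640 proxy adm www-data 'www-data adm')"
```

On a real system, `check_file /var/log/squid/access.log www-data` runs the same evaluation against the actual file and account; a result of `read` is the least-privilege outcome for a script that only displays the log.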
