mrtg config question
Jeff Vian
jvian10 at charter.net
Mon Jul 10 16:07:01 UTC 2006
On Sat, 2006-07-08 at 10:59 -0700, Al Sparks wrote:
> --- Don Russell <fedora at drussell.dnsalias.com> wrote:
>
> > I just installed mrtg 2.13.2 on FC5 and noticed the sample config file
> > in /etc/mrtg/mrtg.cfg
> >
> > This file has LogDir defined as /var/lib/mrtg
> >
> > I suppose it doesn't really matter... but is that an error/typo?
> > Shouldn't logs be kept in /var/log/... ?
> >
> > I was going to Bugzilla this, but thought I'd get some other opinions
> > first. :-)
> >
snip
> > Part 2: (The fun part) :-)
> >
> > I created a new userid (mrtg) and created a little script to run
> > cfgmaker and indexmaker, but now I don't know how to run mrtg so it can
> > produce the graphs etc in /var/www/mrtg...
> >
> > I suppose I could run mrtg as root... but I hate running stuff as root
> > if not needed.
> > Or, how can I grant write permission so the mrtg user can write to
> > /var/www/mrtg, but not other apache-owned files/directories?
>
> This is the fun part!!! Regarding the problem of access to files by 2
> userid's, the solution is groups. Here's one way to do it. You can
> create a 3rd userid, we'll call it httpdmrtg, and by default it will
> create a group by the same name. You can "chown", or change ownership
> of /var/www to that user id and group, for example:
> # chown -R httpmrtg:httpmrtg /var/www
> and you probably want write access to the files, so
> # find /var/www -type f | xargs chmod 660 # takes care of files
> and for directories you want the executable bit set:
> # find /var/www -type d | xargs chmod 770
>
> You then want to place the "mrtg" and the "http" (actually by default,
> apache uses the userid "nobody") as members of the group "httpdmrtg":
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Not with a default Redhat or Fedora install. Apache runs as
apache:apache on every install I have done for the past several years.
IIRC an install of apache from the upstream source, however, does run as
nobody:nobody.
> # gpasswd -a mrtg httpdmrtg
> # gpasswd -a http httpdmrtg
>
> You can also edit the /etc/group file to do the same thing, but using
> the gpasswd command ensures that the shadow password/group files get
> modified as appropriate.
>
> Also, there's more than one way to skin a cat. You don't have to
> create a third userid / group. When you create userid "mrtg", it will
> have it's own group, or "httpd" will also have its own group. You can
> make one a member of the other, and change the files so it's
> identified with that group.
>
> >
> > Thanks,
> > Don
> === Al
>
More information about the users
mailing list