[SOLVED] Pipe apache2 CustomLog to a program runnng as a different user

Issue

I have a program a2log2pg that takes an apache2 CustomLog and writes it to a database.

In apache2.conf, I have a line that defines a CustomLog and pipes it to a2log2pg.

CustomLog "|/usr/bin/a2log2pg" combined

where combined is one of the apache log formats.

Although it all works fine, this technique results in a2log2pg running as root. I’d rather run it as an unprivileged user, specifically a user called a2logger.

To that end, I’ve been attempting to use this line:

CustomLog "| sudo -u a2logger /usr/bin/a2log2pg" combined

but apache then refuses to start. The error in the apache log is:

No such file or directory: AH00104: unable to start piped log program ' sudo -u a2logger /usr/bin/a2log2pg'

Is there some other syntax that would allow this to work?

Leaving apache aside for a moment, if I try something similar, but just using shell scripts, it works:

$ cat 1234.txt
one
two
three
four
$ cat countlines.sh
#!/bin/bash
counter=0
while read line
do
  ((++counter))
done<&0
echo $USER counted $counter lines

and then, logged in as root

# cat 1234.txt | sudo -u a2logger ./countlines.sh
a2logger counted 4 lines

Solution

You need to provide the absolute path there and avoid leading spaces, like this:

CustomLog "|/usr/bin/sudo -u a2logger /usr/bin/a2log2pg" combined

Answered By – Erwin

Answer Checked By – Pedro (BugsFixing Volunteer)

Leave a Reply

Your email address will not be published.