TIP: Resolving AWstats permission denied error by www-data cron job
So if you have installed AWstats, a web-statistic program, on your machine you would have noticed that the cron job that it sets by default does not work. Meaning that the statistics on your AWstats web page does not get updated. If you do a search on Internet, you will find that lot of Ubuntu and Debian folks are facing the same problem. Also there are lot of other suggestions (but dangerous) that are given to make it work, but I have found the following solution to the most (but not completely) safest of all.
Let’s first take a look at the cron job that gets installed by default when you install AWstats in Debian Lenny:
debian:~# cat /etc/cron.d/awstats
0,10,20,30,40,50 * * * * www-data [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=mydomain.org -update>/dev/null
Now if you read the Debian specific README file at:
/usr/share/doc/awstats/README.Debian
it will say giving proper “read” permission to access.log file at /var/log/apache2/. Now even after giving read permission to that file, the “www-data” user is not able to access the apache log files. You can verify this by running the following command:
debian:~# sudo -u www-data /usr/bin/perl /usr/lib/cgi-bin/awstats.pl -update -config=mydomain.org
Output:
Create/Update database for config "/etc/awstats/awstats.mydomain.org.conf" by AWStats version 6.7 (build 1.892)
From data in log file "/var/log/apache2/access.log"...
Error: Couldn't open server log file "/var/log/apache2/access.log" : Permission denied
Setup ('/etc/awstats/awstats.mydomain.org.conf' file web server or permissions) may be wrong.
Check config file permissions and AWStats documentation (in 'docs' directory).
debian:~#
That’s right, even after giving read permission to access.log file, it still cannot read it.
After a lot of researching I finally tried the following command:
# chmod 755 -R /var/log/apache2/*
The above command makes the files “readable” and “executable” for the group “adm” and for “others” user.
Now the cron job, /etc/cron.d/awstats, will execute just fine you should be able to see your server’s statistics at:
http://mydomain.org/awstats/awstats.pl
Also if anyone of you find a better solution than above, please post it in the comment section below.
Happy CRON’ing!
Free Email Subscription
Loading ...
October 29th, 2009 at 1:26 am
[...] Now after every 10 minutes the cron job will run automatically and you can see your statistics as shown above. If you are having trouble getting the cron job to run, please this post. [...]
November 17th, 2009 at 3:52 pm
aaaah,
man, you got it!!!
thanks very much for the thread!
actually, i found it at
http://www.mail-archive.com/debian-user@lists.debian.org/msg558469.html
it’s really not my first awstats install,
but my first in lenny!
i got also one server running on etch, and
everything’s just fine on it.
as i finally found your thread, read it and
compared my apache2 log folder on lenny and
etch, i found that this folder has the right
permissions in the etch install: 755.
on lenny it’s 754, don’t to hell know why!
i thought i’ll do the install in half an
hour, and now i’m sitting all evening on it,
trying everything, almost desparing.
EXACTLY the same problem!
i wonder if we are the only ones with that,
i googled nothing similar out this evening.
thanks again!
cheers
Juri
Reply to this comment
Admin Reply:
November 17th, 2009 at 7:21 pm
Yes this one was a real pain to figure out! I am glad that this post was helpful to you.
Reply to this comment
November 18th, 2009 at 1:48 am
maybe you could replace
“# chmod 755 -R /var/log/apache2/*”
with
“# chmod 755 /var/log/apache2/”
for security.
it’s just the log directory that needs
“rx” mode,
the log files are fine with “644″ for
the www-data user, specified in the
logrotate job.
Reply to this comment
December 17th, 2009 at 9:57 pm
Running “chmod 755 /var/log/apache2/” worked for me on Karmic Koala. It did not with the *.
Reply to this comment
January 8th, 2010 at 9:38 am
Bubba is right. It only worked once you give the /var/log/apache2 directory itself 755, not just the files within it.
Reply to this comment