Logs directory unreadable?


#1

I’m getting “Permission denied” when I try to read the logs directory (e.g., /home/username/logs/example.com/http) for any of my domains.

This directory was readable up until about a day or two ago.

Has anyone else noticed this?


#2

I am seeing the same problem.


#3

have either of you installed anything that modifies your .htaccess file or modified it yourself?

Does this apply? http://wiki.dreamhost.com/Making_stats_accessible_with_htaccess


#4

No, the problem is not in the web directory, the problem is with the logs directory itself, e.g., /home/username/logs/example.com/http is a symbolic link which points to /home/_domain_logs/username/example.com/http.nnnnnnn, and that directory is owned by root with permissions drwx–x--x, so it can’t be read by a non-root user.[hr]
Upon further investigation, it appears that the access.log and error.log files are still there and are still readable, e.g., these commands work:

cat /home/username/logs/example.com/http/access.log cat /home/username/logs/example.com/http/error.log

But the directory itself is unreadable, e.g., this command doesn’t work:

$ ls /home/username/logs/example.com/http/ ls: cannot open directory /home/username/logs/example.com/http/: Permission denied

Presumably the previous days’ archives are still there too, although it’s hard to tell since the directory contents can’t be listed.


#5

Only want to add a “me too”. Oddly enough, I have two domains on the same account and the logs of one of them are ok, but the ones from the other one aren’t.

Edit: Just opened a ticket, waiting for reply.


#6

Add another “me too”. I have 2 domains for which this is happening.
I also filed a support ticket today.


#7

Nice to know that I’m not the only one.

As of… ‘now’ it’s still not working and I still haven’t got any reply from support.


#8

I had this problem, and I got a reply from support to say that you are no longer allowed to access logs via FTP, you can only do it via shell now. (I couldn’t get them by shell for a while either, but I can now). Aaargh!

Does anybody know of instructions for how to batch download log files with an scp client in the same way that you can easily get wget to download logs via FTP?

I don’t understand why they haven’t told people that they changed this.


#9

Well, just to up the thread, I got a response from support saying basically “we’re looking into it”. As of… now, it’s still not working.

mbonh, I don’t use FTP, we’re having problems accessing the actual files from the shell, console, SSH Login, or whatever you prefer to call it.

Whatever problem you are having I believe it may not be related to this. This is a misconfiguration by Dreamhost part, admitted by them, and they are working on solving it. It’s not a change of policy.

If you need to download some files there are lots of options, like using scp as you mention, or sending them by email to you, or just putting them in a public directory on your web (public meaning that is accesible from the web, but not necesarily by anyone. You can protect it e.g. with mod_auth_digest so only you can download the files).

If you choose scp/ssh, the process of doing that is absolutely straightforward if you use a ‘proper’ OS :wink: like Linux or Mac OS X, and just a tiny bit less straightforward in Windows, as you probably need to download software by third parties in order to be able to do that.

I’m not familiar with the forum rules, but I supose that you should probably open a new thread with your question if you need help regarding that particular, although I’m pretty sure a google search will probably give you thousands of examples to look at.


#10

This is absolute nonsense. I’ve used software Putty and Filezilla trying ssh and cannot access the current log files. All I’m seeing are the logs which stopped on 5th August prior to the change.


#11

I just received a reply from support and the problem is solved indeed.


#12

My response from DH was:


#13

hm. this is troubling. i thoroughly enjoyed the ability to simply ftp into my site and read the raw .log files to get a real-time snapshot of what was happening with my stats.

really, dreamhost?
by you killing this “feature”, i’m pricing out alternative web hosts right this moment.

i’ve been with you guys for years and i would hate for this to be the issue that causes me to find hosting elsewhere with a competitor.

and if the current configuration is your final solution then please update your “official” knowledge base accordingly. As it is served now, it is incorrect:
http://blog.dreamhosters.com/kbase/index.cgi?area=400

thanks.


#14

You can still view the logs via ssh. You just can’t do so using FTP at the present time.

[quote]and if the current configuration is your final solution then please update your “official” knowledge base accordingly. As it is served now, it is incorrect:
http://blog.dreamhosters.com/kbase/index.cgi?area=400
[/quote]

Per the black notice on the top of that page, it’s an unofficial, five-year-old mirror of our (old) Knowledge Base.


#15

You look at the raw log files for a snapshot? Isn’t that inefficient? I’ve written a few scripts using basic [font=Courier]cat[/font] and [font=Courier]grep[/font] and the like to summarise the logs, but I only look at the logs when I’m trying to track down some abnormal behaviour on the part of the app or the users. If you want something real time, why not write a small [font=Courier]php[/font] program that calls a [font=Courier]bash[/font] script to summarise the logs and then display the result in a browser? You could do simple password protection with [font=Courier].htaccess[/font]. I’m sure that would be far better than looking through the logs in an FTP client.

You shouldn’t be using FTP anyway as your account information won’t be secure. At least with [font=Courier].htaccess[/font] you can set up a user/pass that only applies to the summary page.


#16

true. apologies. in my haste to find the simple solution to a seemingly simple problem, i misread “unofficial” as “official”.

still, leaves me surprised there is no “official” knowledge base that does address the issue.

my problem still stands, however; “Due to the nature of the issue, we will not be able to switch it back to the previous method by which logs were FTP accessible either”. not cool, dreamhost.


#17

wiki.dreamhost.com not official enough for you? it’s linked from the top of the panel…

When it comes to FTP, which is inherently insecure, I’m more likely to see restricted use of it as a bonus. Anything which prevents my sites from being attacked, especially from someone else’s account or lax security practices, is a plus in my book.


#18

yes.

to who? you? no, not inefficient to me. worked great for my needs, thanks.

because that route is beyond my needs. I just want simple ftp access to the .log text file. plain and simple as that.

[quote=“bobocat, post:15, topic:55753”]
You shouldn’t be using FTP anyway as your account information won’t be secure. [/quote]

thanks, i appreciate the advice.
but i really just want my .log file available through ftp again.


#19

Couldn’t have explained it better myself…


#20

[color=#FF0000]WARNING: this script probably has multiple vulnerability issues. You should make an effort to secure it with both .htaccess and limiting to a known IP address (and probably more).[/color]

Assuming you know your IP address in advance or are willing to secure this script by other means (recommended!), you could do something like this:

[php]

<?php // change to match your IP address: $ip_address = '0.0.0.0'; if($_SERVER['REMOTE_ADDR'] != $ip_address) { echo "

Not authorised!

"; die(); } $site = (preg_match('/[\(\)\|;\s]+/', $_GET['site']) === 0) ? $_GET['site'] : null ; $which = (preg_match('/[\(\)\|;\.\s]+/', $_GET['which']) === 0) ? $_GET['which'] : null ; if ($site === null || $which === null) { echo "

Hacker!

"; die(); } $r = shell_exec("cat /logs/$site/http/$which.log"); if ($r == null) { $r = "Sorry, $which.log for http://$site is empty."; } echo "
$r
"; ?>

[/php]

Then the following would give you your log: [font=Courier]http://example.com/?site=mysite.com&which=access[/font]