Jump to content

Recommended Posts

I am trying to learn how to properly log errors.  While not my primary topic of this post, I would appreciate any comments on the below script and whether I am doing it "right".

 

Specifically, I am trying to write error_log to a file.  I run the below code, and get the following response.  The first two were expected, but I cannot open validation.log to write to it.  I've even made it 0777 but still cannot do so (see the bottom of this post).  I've noticed that all the other log files are owned by root with limited permissions, so I would think that I shouldn't have even needed to change the permissions.

 

What am I doing wrong?  Thank you

 

An error occurred in script '/var/www/test/html/testing/errors.php' on line 8: Undefined variable: divisor (error no: 
An error occurred in script '/var/www/test/html/testing/errors.php' on line 14: Cannot divide by zero (error no: 256)
An error occurred in script '/var/www/test/html/testing/errors.php' on line 19: error_log(/var/log/httpd/test/validation.log): failed to open stream: Permission denied (error no: 2)
<?php

class test extends base_class
{
    public function testError()
    {
        syslog(LOG_INFO,'Use this for troubleshooting and not errors?');
        $x=$divisor;
    }
    public function testTrigger()
    {
        $divisor=0;
        if ($divisor == 0) {
            trigger_error("Cannot divide by zero", E_USER_ERROR);
        }
    }
    public function customErrorLogs()
    {
            error_log("Some validation error.", 3, "/var/log/httpd/test/validation.log");
    }
}

abstract class base_class
{

    public function __construct()
    {
        //Should this be setup in httpd.conf?
        ini_set('display_errors', 1);
        error_reporting(E_ALL);
        set_error_handler(array($this,"my_error_handler"));

        //Log all to LOG_LOCAL0 which /etc/rsyslog.conf will send to /var/log/test/syslog.log
        openlog('custom_log', LOG_NDELAY, LOG_LOCAL0);
    }

    public function my_error_handler($errno, $errstr, $errfile, $errline, $errcontext) {
        $message = "An error occurred in script '$errfile' on line $errline: $errstr (error no: $errno)";
        if (true || in_array(substr($_SERVER['HTTP_HOST'], 0, 5), array('local', '127.0', '192.1'))) {
            echo $message.'<hr>';

        } else {
            error_log ($message);
            if ( ($errno != E_NOTICE) && ($errno < 2048)) {
                exit('<div class="error">A system error occurred. We apologize for the inconvenience.</div>');
            }

        }
    }

}

$test=new test();
$test->testError();
$test->testTrigger();
$test->customErrorLogs();

?>
[root@devserver test]# pwd
/var/log/httpd/test
[root@devserver test]# ls -l
total 456828
-rw-r--r--. 1 root    root  54840026 Dec 16 08:29 access.log
-rw-r--r--. 1 root    root   2606759 Dec 16 07:13 error.log
-rw-r--r--. 1 root    root  24020851 Dec 16 08:29 forwarded.log
-rw-r--r--. 1 root    root  54840026 Dec 16 08:29 log
-rw-r--r--. 1 root    root 331450147 Dec 16 08:29 rewrite
-rw-------. 1 root    root       332 Dec 16 08:29 syslog.log
-rwxrwxrwx. 1 Michael www          0 Dec 16 08:27 validation.log
[root@devserver test]#
Link to comment
https://forums.phpfreaks.com/topic/293129-error_log-to-file/
Share on other sites

PHP needs not just write permission on the file itself but also execute permission on all the parent directories.

 

Ah, I see.  But why can I write to error.log which is in the same directory?

 

PS. Sorry about that earlier post and thank you for deleting it.  Curious, though, why it showed zero views....

Link to comment
https://forums.phpfreaks.com/topic/293129-error_log-to-file/#findComment-1499760
Share on other sites

You can't. It's writable only by root and I'm sure you're not running as root.

But I am.  To be extra sure, I emptied the file using vi.  At first it wouldn't log errors, but I restarted Apache which resulted in a "[warn] RSA server certificate CommonName (CN)" error, and then they are being logged here.  Maybe the file can't be empty?

 

I did the same with syslog, and at first it wasn't being written to, but after restarting rsyslog, it too is being written to.  I guess this one makes more sense because I think PHP is just invoking the roots syslog.

 

And, no I am not running as root.  I tested that with get_current_user(), and am running as phped.

 

[root@devserver test]# pwd
/var/log/httpd/test
[root@devserver test]# ls -l
total 455756
-rw-r--r--. 1 root root  54859022 Dec 16 12:13 access.log
-rw-r--r--. 1 root root      1097 Dec 16 12:16 error.log
-rw-r--r--. 1 root root  24027750 Dec 16 12:13 forwarded.log
-rw-r--r--. 1 root root  54859022 Dec 16 12:13 log
-rw-r--r--. 1 root root 332912008 Dec 16 12:13 rewrite
-rw-------. 1 root root      1514 Dec 16 12:13 syslog.log
[root@devserver test]# vi error.log
[root@devserver test]# vi syslog.log
[root@devserver test]# ls -l
total 455748
-rw-r--r--. 1 root root  54859022 Dec 16 12:13 access.log
-rw-r--r--. 1 root root         0 Dec 16 12:18 error.log
-rw-r--r--. 1 root root  24027750 Dec 16 12:13 forwarded.log
-rw-r--r--. 1 root root  54859022 Dec 16 12:13 log
-rw-r--r--. 1 root root 332912008 Dec 16 12:13 rewrite
-rw-------. 1 root root         0 Dec 16 12:18 syslog.log
[root@devserver test]# # Use PHP
[root@devserver test]# ls -l
total 455748
-rw-r--r--. 1 root root  54859195 Dec 16 12:19 access.log
-rw-r--r--. 1 root root         0 Dec 16 12:18 error.log
-rw-r--r--. 1 root root  24027834 Dec 16 12:19 forwarded.log
-rw-r--r--. 1 root root  54859195 Dec 16 12:19 log
-rw-r--r--. 1 root root 332913148 Dec 16 12:19 rewrite
-rw-------. 1 root root         0 Dec 16 12:18 syslog.log
[root@devserver test]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
[root@devserver test]# service rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
[root@devserver test]# # Use PHP
[root@devserver test]# ls -l
total 455756
-rw-r--r--. 1 root root  54859368 Dec 16 12:19 access.log
-rw-r--r--. 1 root root       856 Dec 16 12:19 error.log
-rw-r--r--. 1 root root  24027918 Dec 16 12:19 forwarded.log
-rw-r--r--. 1 root root  54859368 Dec 16 12:19 log
-rw-r--r--. 1 root root 332914288 Dec 16 12:19 rewrite
-rw-------. 1 root root       133 Dec 16 12:19 syslog.log
[root@devserver test]# cat error.log
[Tue Dec 16 12:19:33 2014] [warn] RSA server certificate CommonName (CN) `www.mysite.com' does NOT match server name!?
[Tue Dec 16 12:19:34 2014] [warn] RSA server certificate CommonName (CN) `www.mysite.com' does NOT match server name!?
[Tue Dec 16 12:19:48 2014] [error] [client 192.168.1.1] An error occurred in script '/var/www/test/html/testing/errors.php' on line 11: Undefined variable: divisor (error no: 
[Tue Dec 16 12:19:48 2014] [error] [client 192.168.1.1] An error occurred in script '/var/www/test/html/testing/errors.php' on line 17: Cannot divide by zero (error no: 256)
[Tue Dec 16 12:19:48 2014] [error] [client 192.168.1.1] An error occurred in script '/var/www/test/html/testing/errors.php' on line 23: error_log(/var/log/httpd/test/validation.log): failed to open stream: Permission denied (error no: 2)
[root@devserver test]# cat syslog.log
Dec 16 12:19:48 devserver custom_log: Use this for troubleshooting and not errors?
Dec 16 12:19:48 devserver custom_log: Some error?
[root@devserver test]#
Edited by NotionCommotion
Link to comment
https://forums.phpfreaks.com/topic/293129-error_log-to-file/#findComment-1499765
Share on other sites

Okay, easy question:

 

What are the permissions on /var/log/httpd and /var/log/httpd/test?

 

Maybe I have Apache running as root?  Yikes, that wouldn't be good...

drwx------. 4 root  root      4096 Dec 14 03:06 httpd
drwxr-xr-x. 2 root  root      4096 Dec 16 13:20 test
Link to comment
https://forums.phpfreaks.com/topic/293129-error_log-to-file/#findComment-1499780
Share on other sites

Thank you requinix,

 

So, if only root can access access /var/log/httpd, and I am evidently doing so with Apache, then I must be running Apache as root, right?

 

Guess that explains it.

[root@devserver ~]# ps aux | egrep '(apache|httpd)'
root     17936  0.0  0.1 404344 14592 ?        Ss   13:20   0:00 /usr/sbin/httpd
apache   17938  0.0  0.1 506148 18172 ?        S    13:20   0:00 /usr/sbin/httpd
apache   17939  0.0  0.1 502068 14096 ?        S    13:20   0:00 /usr/sbin/httpd
apache   17940  0.0  0.1 506932 21532 ?        S    13:20   0:01 /usr/sbin/httpd
apache   17941  0.0  0.1 508464 22892 ?        S    13:20   0:01 /usr/sbin/httpd
apache   17942  0.0  0.1 506688 18480 ?        S    13:20   0:00 /usr/sbin/httpd
apache   17943  0.0  0.1 501992 13764 ?        S    13:20   0:03 /usr/sbin/httpd
apache   17944  0.0  0.1 506536 18460 ?        S    13:20   0:00 /usr/sbin/httpd
apache   17945  0.0  0.1 506296 18296 ?        S    13:20   0:00 /usr/sbin/httpd
root     19375  0.0  0.0 101024   848 pts/0    S+   14:20   0:00 egrep (apache|httpd)
[root@devserver ~]# ps aux | grep apache2
root     19377  0.0  0.0 103252   840 pts/0    S+   14:20   0:00 grep apache2
[root@devserver ~]# ps axo user,group,comm | grep apache
apache   apache   httpd
apache   apache   httpd
apache   apache   httpd
apache   apache   httpd
apache   apache   httpd
apache   apache   httpd
apache   apache   httpd
apache   apache   httpd
[root@devserver ~]#

 

Link to comment
https://forums.phpfreaks.com/topic/293129-error_log-to-file/#findComment-1499790
Share on other sites

Hello again,

 

Looking back at outputs of  "ps aux | grep httpd" and similar, it doesn't seem I am running Apache as root.  I asked similar questions at http://www.linuxquestions.org/questions/linux-newbie-8/am-i-running-apache-as-the-root-user-4175528496/, and the consensus is I am not running Apache as root.

 

Then why can I write to /var/log/httpd/test/errors.php using PHP when it is only open to root?

Link to comment
https://forums.phpfreaks.com/topic/293129-error_log-to-file/#findComment-1499954
Share on other sites

Pretty sure apache initially opens the it's log files as root, then the child processes handling requests inherit the open file handles. PHP on the other hand would be running as whatever user/group the child processes run as which would result in permission errors.

 

If you pre-create your validation.log file, then you should just need write permission on it, and at least execute permission on directories leading up to it. If you expect PHP to create it if it does not exist, then you'd need write permission on the files directory as well.

Link to comment
https://forums.phpfreaks.com/topic/293129-error_log-to-file/#findComment-1499957
Share on other sites

Pretty sure apache initially opens the it's log files as root, then the child processes handling requests inherit the open file handles. PHP on the other hand would be running as whatever user/group the child processes run as which would result in permission errors.

 

If you pre-create your validation.log file, then you should just need write permission on it, and at least execute permission on directories leading up to it. If you expect PHP to create it if it does not exist, then you'd need write permission on the files directory as well.

 

I've tried making it 777, but still couldn't write to validation.log when it was located in /var/log/httpd/test.

 

I think I have a theory.  When I use the following, PHP passes the error to the SAPI Error Logger which is running as root, and thus could write to that directory and file. Still a little hazy on what the SAPI Error Logger really is, but I expect it is some system wide process for writing to the log.

error_log ('Hello');

Reference: http://php.net/manual/en/errorfunc.configuration.php#ini.error-log

error_log string

Name of the file where script errors should be logged. The file should be writable by the web server's user. If the special value syslog is used, the errors are sent to the system logger instead. On Unix, this means syslog(3) and on Windows NT it means the event log. The system logger is not supported on Windows 95. See also: syslog(). If this directive is not set, errors are sent to the SAPI error logger. For example, it is an error log in Apache or stderr in CLI. See also error_log().

 

 

 

On the other hand, when I use the following, it is being written by php, thus even if php has permission to write to the file, php doesn't have execute permission on all the parent directories.

error_log("Some validation error.", 3, "/var/log/httpd/test/validation.log");

Make sense?

Link to comment
https://forums.phpfreaks.com/topic/293129-error_log-to-file/#findComment-1499982
Share on other sites

I've tried making it 777, but still couldn't write to validation.log when it was located in /var/log/httpd/test.

Yes, because of:

 

drwx------. 4 root  root      4096 Dec 14 03:06 httpd

 

Unless you've changed that, PHP doesn't have execute permissions on that directory, hence the file is not accessible.

Link to comment
https://forums.phpfreaks.com/topic/293129-error_log-to-file/#findComment-1500021
Share on other sites

Technically error_log('Hello')'s behavior would depend on what the error_log ini directive is.

 

If in PHP.ini you setup error_log=/var/log/httpd/test/validation.log then the two calls should be equivalent, including the permissions problems.

 

In general though people tend to not setup error_log to point to a specific file so it ends up going to the SAPI's default handler which is apaches error log in the case of mod_php.

  • Like 2
Link to comment
https://forums.phpfreaks.com/topic/293129-error_log-to-file/#findComment-1500039
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.