From owner-freebsd-www  Wed Oct 14 07:34:11 1998
Return-Path: <owner-freebsd-www>
Received: (from daemon@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA29374
          for www-outgoing; Wed, 14 Oct 1998 07:34:11 -0700 (PDT)
          (envelope-from owner-freebsd-www)
Received: from mail.cs.tu-berlin.de (mail.cs.tu-berlin.de [130.149.17.13])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA28625;
          Wed, 14 Oct 1998 07:25:15 -0700 (PDT)
          (envelope-from wosch@cs.tu-berlin.de)
Received: from caramba.cs.tu-berlin.de (wosch@caramba.cs.tu-berlin.de [130.149.17.12])
	by mail.cs.tu-berlin.de (8.9.1/8.9.1) with ESMTP id QAA26456;
	Wed, 14 Oct 1998 16:16:30 +0200 (MET DST)
Received: (from wosch@localhost)
	by caramba.cs.tu-berlin.de (8.9.1/8.9.0) id QAA19853;
	Wed, 14 Oct 1998 16:16:21 +0200 (MET DST)
Message-ID: <19981014161618.A15520@caramba.cs.tu-berlin.de>
Date: Wed, 14 Oct 1998 16:16:18 +0200
From: Wolfram Schneider <wosch@cs.tu-berlin.de>
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>, www@FreeBSD.ORG,
        core@FreeBSD.ORG
Subject: Re: Who disabled my urchin stats?
References: <20289.908310779@time.cdrom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <20289.908310779@time.cdrom.com>; from Jordan K. Hubbard on Tue, Oct 13, 1998 at 01:32:59PM -0700
Sender: owner-freebsd-www@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

I disabled the urchin stats Saturday morning because
this tool deleted most part of the web log files :-((((

Jordan started the urchin stats as root (!!!) from /etc/crontab
every day at 0:00. The urchin scripts also runs a 
own log file rotation script ;-{

At 4:00 the webmaster do the standard log file rotation. The 
result of the log rotation script clash are mostly empty
log files. All entries between 04:00 and 24:00 are deleted.
No thank you!

wosch@freefall <06:31:04> [/usr/local/www/log] 537
bash$ ls -ltr access.log*

-rw-r--r--  1 root  www   3294109 Sep 22 05:07 access.log.22.gz
-rw-r--r--  1 root  www   2945188 Sep 23 04:05 access.log.21.gz
-rw-r--r--  1 root  www   3187382 Sep 24 06:20 access.log.20.gz
-rw-r--r--  1 root  www    424313 Sep 25 07:33 access.log.19.gz <--
-rw-r--r--  1 root  www    254577 Sep 26 04:13 access.log.18.gz
-rw-r--r--  1 root  www    308604 Sep 27 05:08 access.log.17.gz
-rw-r--r--  1 root  www    396542 Sep 28 04:55 access.log.16.gz
-rw-r--r--  1 root  www    380190 Sep 29 04:58 access.log.15.gz
-rw-r--r--  1 root  www   2842729 Sep 30 04:13 access.log.14.gz
-rw-r--r--  1 root  www    553083 Oct  1 04:27 access.log.13.gz
-rw-r--r--  1 root  www    414772 Oct  2 05:03 access.log.12.gz
-rw-r--r--  1 root  www    219718 Oct  3 04:26 access.log.11.gz
-rw-r--r--  1 root  www    251724 Oct  4 04:21 access.log.10.gz
-rw-r--r--  1 root  www    344244 Oct  5 05:16 access.log.9.gz
-rw-r--r--  1 root  www    435448 Oct  6 04:13 access.log.8.gz
-rw-r--r--  1 root  www    354310 Oct  7 04:10 access.log.7.gz
-rw-r--r--  1 root  www    379927 Oct  8 04:18 access.log.6.gz
-rw-r--r--  1 root  www    403172 Oct  9 04:16 access.log.5.gz
-rw-r--r--  1 root  www    236091 Oct 10 04:00 access.log.4.gz <--
-rw-r--r--  1 root  www   2256957 Oct 11 04:02 access.log.3.gz
-rw-r--r--  1 root  www   2171273 Oct 12 04:22 access.log.2.gz
-rw-r--r--  1 root  www   2924677 Oct 13 04:13 access.log.1.gz

Log file rotation and log file analyzing are two different things.
The log file rotation script *must* run once a day as root.  Analyzing
tools are optional software. They should never be started as root!!

As I already you told, www.freebsd.org is our production server.
Don't run test software on www.freebsd.org! Don't do it as root!!
If you want perform test copy the log files to bento.freebsd.org
and run the scripts at bento.

This is the second case where a Core Team member used his root
privileges to break into the web server - without talking to me
directly. And I have to fix the bugs ...

Wolfram


On 1998-10-13 13:32:59 -0700, Jordan K. Hubbard wrote:
> Somebody went into the crontab file on freefall and disabled the
> urchin statistics, adding only a little "Jordan was here" comment.
> 
> Don't do this kind of thing.  I'm in the middle of a trial here with
> the folks in question and if you have any problem with it, TALK TO ME
> DIRECTLY.  Don't just edit it out of the crontab file without so much
> as a mention or I'm going to be compelled to start tightening up root
> access around here.  If we're not talking to one another, we're not
> being effective admins and fewer admins can be the only result.
> 
> Thanks.
> 
> - Jordan

-- 
Wolfram Schneider <wosch@freebsd.org> http://freebsd.org/~w/