# Apache log files for public_html

## turtles

I am setting up a user account on a Gentoo server to do some testing of a web application.

the user does not have root access, and will be running the applications from ${home}/public_html 

I got the .htaccess and the web app working but how can I give him his own apache error.log?

----------

## sebaro

Use "ErrorLog" directive:

http://httpd.apache.org/docs/current/mod/core.html#errorlog

```
ErrorLog "/home/[USER]/apache.log"
```

----------

## turtles

 *sebaro wrote:*   

> Use "ErrorLog" directive:
> 
> http://httpd.apache.org/docs/current/mod/core.html#errorlog
> 
> ```
> ...

 

Thanks sebaro, if I add that the the users .htaccess file 

Apache barfs and says  *Quote:*   

> /home/chris/public_html/.htaccess: ErrorLog not allowed here

 

I think I need to do some kind of system wide setting?

EDIT I tried a few more things:

 *Quote:*   

> /home/chris/public_html/.htaccess: Directory not allowed here 

 

This is my my 00_vhost.conf

```

<Directory /home/*/public_html>

            #AllowOverride All

            AllowOverride FileInfo Indexes Authconfig

            Options Indexes FollowSymLinks MultiViews

</Directory>

```

----------

## sebaro

http://httpd.apache.org/docs/current/mod/core.html#errorlog

 *Quote:*   

> Context:	server config, virtual host

 

Directives that can be added in the htaccess file must have the ". htaccess" context, ErrorLog doesn't have it.

So you have to put ErrorLog directive in the apache virtual host config file, not in the <Directory> directive.

----------

## turtles

 *sebaro wrote:*   

> http://httpd.apache.org/docs/current/mod/core.html#errorlog
> 
>  *Quote:*   Context:	server config, virtual host 
> 
> Directives that can be added in the htaccess file must have the ". htaccess" context, ErrorLog doesn't have it.
> ...

 

I see Yeah I am struggling with the apache docs I see now the "Context" 

My goal is for each persons home directory to contain a .apache_error.log

So thats back to what I tried first

```
   <Directory /home/*/public_html>

        Options Indexes FollowSymLinks MultiViews

        #AllowOverride FileInfo Indexes Authconfig

        #AllowOverride All Options

        AllowOverride All

        Require all granted

        #ErrorLog "/home/*/.apache_error_log"

</Directory>
```

EDIT getting closer:

I believe the %1 will use the home dire name:

```
<Directory /home/*/public_html>

        Options Indexes FollowSymLinks MultiViews

        #AllowOverride FileInfo Indexes Authconfig

        #AllowOverride All Options

        AllowOverride All

        Require all granted

        ErrorLog "/home/%1/.apache_error_log"

</Directory>
```

this does not throw a syntax error but says its not allowed here

----------

## sebaro

Directory is not in ErrorLog's Context list, so you can't use it there. You have to put it outside.

To get what you want you have to use a script instead of file, the script will append to the log for each user.

```
ErrorLog "|/path/to/script"
```

----------

## turtles

 *sebaro wrote:*   

> Directory is not in ErrorLog's Context list, so you can't use it there. You have to put it outside.
> 
> To get what you want you have to use a script instead of file, the script will append to the log for each user.
> 
> ```
> ...

 

That's getting complex and I imagine I would slow down the server to call bash every time?

I was just playing around with

```
SetEnvIf Request_URI "^/~([^/]+)/.*$" username=$1

CustomLog /home/${username}/.apache2.log combined
```

Or perhaps the 'adm' group could be used to give users read permission.

EDIT: I am testing out

```
chgrp -R adm /var/log/apache2/
```

Then adding users to that group that have a reason the view the log files.

The potential security issue is that all users can view the entire log.

----------

## sebaro

Try this:

https://serverfault.com/questions/441421/per-user-vhost-logging

Create two scripts like in the page, one for requests (CustomLog), one for errors (ErrorLog):

```

CustomLog "|/path/to/apache-requests-logger"

ErrorLog "|/path/to/apache-errors-logger"

```

Or use the group solution or you can put the logs in a user readable directory (eg: /opt).

----------

