I'm running an Apache web server on an Ubuntu instance on AWS. Apache is writing its logs to the default directory /var/log/apache2, and only root has permission to write the files there.

```
-rw-r----- 1 root adm     9858 Mar 29 11:12 access.log
```

I have checked that www-data does not belong to the adm group.

Apache is running as www-data according to `ps aux | grep apache`:

```
root      1263  0.0  0.6  89996  6460 ?        Ss   06:05   0:00 /usr/sbin/apache2 -k start
www-data  2432  0.0  1.3 382912 13604 ?        Sl   11:11   0:00 /usr/sbin/apache2 -k start
www-data  2433  0.0  1.3 448384 14012 ?        Sl   11:11   0:00 /usr/sbin/apache2 -k start
```

So is the Apache process running as root responsible for writing the logs?

1 Answer

In the default Apache installation, all log files in /var/log/apache2 are written by the root user. This is a security measure, as it keeps anyone else from writing to or gaining access to the directory. It is recommended not to change the owner to www-data.

The Apache process running as root is responsible for writing the logs.

See also: http://httpd.apache.org/docs/2.2/logs.html#errorlog

  • Thanks. I did read https://httpd.apache.org/docs/2.4/logs.html#errorlog before asking but it says nothing about which user writes the logs. – David Johnson Mar 31 '18 at 03:10
  • https://httpd.apache.org/docs/2.4/misc/security_tips.html#serverroot is fairly clear that `root` writes the logs by default. _If the logs directory is writeable (by a non-root user), someone could replace a log file with a symlink to some other system file, and then root might overwrite that file with arbitrary data. If the log files themselves are writeable (by a non-root user), then someone may be able to overwrite the log itself with bogus data._ – David Johnson Mar 31 '18 at 04:00
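
A check for the conditions quoted from security_tips above, as an added example (not part of the original answer or comments, and not Apache's own code): it flags a log directory or log file that is not owned by the trusted user, is group- or world-writable, or is a symlink. The function names and the `trusted_uid` parameter are assumptions, and `demo()` builds a constructed directory in which the current user stands in for root.

```python
import os
import stat
import tempfile


def check_entry(path, trusted_uid, findings):
    st = os.lstat(path)  # lstat inspects a symlink itself, not its target
    if stat.S_ISLNK(st.st_mode):
        findings.append((path, "symlink"))
        return
    if st.st_uid != trusted_uid:
        findings.append((path, "owner-not-trusted"))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((path, "group-or-world-writable"))


def audit_log_dir(log_dir, trusted_uid=0):
    """Return (path, problem) pairs for log_dir and each entry directly in it."""
    findings = []
    check_entry(log_dir, trusted_uid, findings)
    for name in sorted(os.listdir(log_dir)):
        check_entry(os.path.join(log_dir, name), trusted_uid, findings)
    return findings


def demo():
    """Audit a constructed directory; the current user stands in for root."""
    d = tempfile.mkdtemp()
    os.chmod(d, 0o750)  # same mode as a root:adm log directory
    for name, mode in (("access.log", 0o640), ("error.log", 0o666)):
        p = os.path.join(d, name)
        open(p, "w").close()
        os.chmod(p, mode)
    # Constructed symlink sitting where a log file is expected.
    os.symlink(os.path.join(d, "access.log"), os.path.join(d, "other.log"))
    return [(os.path.basename(p), why) for p, why in audit_log_dir(d, os.getuid())]


if __name__ == "__main__":
    # Needs read access to the directory (root or a member of adm).
    for path, problem in audit_log_dir("/var/log/apache2"):
        print(f"{problem}: {path}")
```

On the layout shown in the question (root-owned files with mode 640), the audit reports nothing.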