From 22cb343ab0e6d36a6e92a1795fa4b30bdc1e25c1 Mon Sep 17 00:00:00 2001
From: Niek Beernink <n.beernink@oxilion.nl>
Date: Tue, 3 Jun 2014 12:16:23 +0200
Subject: [PATCH 1/2] make logroot_mode configurable

---
 manifests/vhost.pp         |  2 ++
 spec/defines/vhost_spec.rb | 12 ++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/manifests/vhost.pp b/manifests/vhost.pp
index fe0ef28c3..d894fca71 100644
--- a/manifests/vhost.pp
+++ b/manifests/vhost.pp
@@ -110,6 +110,7 @@
     $directoryindex              = '',
     $vhost_name                  = '*',
     $logroot                     = $::apache::logroot,
+    $logroot_mode                = undef,
     $log_level                   = undef,
     $access_log                  = true,
     $access_log_file             = undef,
@@ -274,6 +275,7 @@
   if ! defined(File[$logroot]) {
     file { $logroot:
       ensure  => directory,
+      mode    => $logroot_mode,
       require => Package['httpd'],
     }
   }
diff --git a/spec/defines/vhost_spec.rb b/spec/defines/vhost_spec.rb
index fde65d1f2..2152d79b5 100644
--- a/spec/defines/vhost_spec.rb
+++ b/spec/defines/vhost_spec.rb
@@ -1110,6 +1110,18 @@
           expect { subject }.to raise_error(Puppet::Error, /'error_log_file' and 'error_log_pipe' cannot be defined at the same time/)
         end
       end
+      describe 'when logroot and logroot_mode are specified' do
+        let :params do default_params.merge({
+          :logroot       => '/rspec/logroot',
+          :logroot_mode  => '0755',
+        }) end
+        it 'should set logroot mode' do
+          should contain_file(params[:logroot]).with({
+            :ensure => :directory,
+            :mode   => '0755',
+          })
+        end
+      end
       describe 'when docroot owner and mode is specified' do
         let :params do default_params.merge({
           :docroot_owner => 'testuser',

From 2771531843fc4062f8136b9e41e75175f629a9c6 Mon Sep 17 00:00:00 2001
From: Niek Beernink <n.beernink@oxilion.nl>
Date: Tue, 3 Jun 2014 12:16:23 +0200
Subject: [PATCH 2/2] make logroot_mode configurable

---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/README.md b/README.md
index e57ef983c..300aa6650 100644
--- a/README.md
+++ b/README.md
@@ -331,6 +331,11 @@ Define additional [LogFormats](https://httpd.apache.org/docs/current/mod/mod_log
 
 Changes the directory where Apache log files for the virtual host are placed. Defaults to '/var/log/httpd' on RedHat, '/var/log/apache2' on Debian, and '/var/log/apache22' on FreeBSD.
 
+#####`logroot_mode`
+
+Overrides the mode the logroot directory is set to. Defaults to undef. Do NOT give people write access to the directory the logs are stored
+in without being aware of the consequences; see http://httpd.apache.org/docs/2.4/logs.html#security for details.
+
 #####`manage_group`
 
 Setting this to 'false' will stop the group resource from being created. This is for when you have a group, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established group would result in a duplicate resource error.