Re: /var/lib/apache/mod-bandwidth world-writable [forwarded]
On Fri, 6 Feb 2004, Philipp Weis wrote:
> On 04 Feb 2004, Fabio Massimo Di Nitto <email@example.com> wrote:
> > >From mod-bandwith source/documentation:
> > * 3) Create the following directories with "rwx" permission to everybody :
> > * /tmp/apachebw
> > * /tmp/apachebw/link
> > * /tmp/apachebw/master
> Thanks for pointing me to the source documentation. But I do not get it at
> all. Could you please explain why rwx permissions are needed for any user?
> Why isn't a 770 on www-data sufficient? The only reason I can come up with
> is an suexec-enabled apache, but that is as far as I know not the default
> in debian.
It is possible to select suexec or not at install time.
> I'd prefer a more sane default on the write permissions of those
> directories. If 777 permissions are really necessary in some cases, this
> should be added to the mod_bandwidth documentation.
It is already in the code but if you think a note is required we can add
it. I don't see any problem with it.
> If you are not sure under what circumstances 777 permissions are required,
> I'd be willing to investigate further.
Yes please. That would be very nice since i am not a mod_bandwith user.
Our mission: make IPv6 the default IP protocol
"We are on a mission from God" - Elwood Blues