Re: World readable log files

To: Ethan Benson <erbenson@alaska.net>
Cc: Dave Sherohman <esper@sherohman.org>, Olaf Meeuwissen <olaf@epkowa.co.jp>, debian-user@lists.debian.org
Subject: Re: World readable log files
From: Dave Sherohman <esper@sherohman.org>
Date: Mon, 25 Sep 2000 23:51:47 -0500 (CDT)
Message-id: <[🔎] E13dmia-00006s-00@pchan>
In-reply-to: <[🔎] 20000925203837.K1928@plato.local.lan> from Ethan Benson at "Sep 25, 2000 08:38:37 pm"

Ethan Benson said:
> it won't, apache does not use logrotate,  your log permissions are
> www-data.www-data mode 664 right now.  (which is even worse since now
> if someone cracks an apache child process they can tamper with your
> logs)
> 
> you need to edit /etc/cron.daily/apache to fix this.  (there is a file
> in /etc/apache to fix it so it does not chown them to www-data, but
> that still does not fix the 664/644 permissions.

Thanks for pointing me at the right place.  It seems to work OK with root.adm
ownership, too, teh same as (most of) the logs in /var/log.

-- 
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton
Geek Code 3.1:  GCS d- s+: a- C++ UL++$ P+>+++ L+++>++++ E- W--(++) N+ o+
!K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r++ y+

Reply to:

References:
- Re: World readable log files
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: Re: debian 2.2 on Ultra160?
Next by Date: Re: sawfish doesn't work
Previous by thread: Re: World readable log files
Next by thread: Re: Changing Mutt's defaults- possible?
Index(es):
- Date
- Thread