Re: World readable log files
Ethan Benson said:
> it won't, apache does not use logrotate, your log permissions are
> www-data.www-data mode 664 right now. (which is even worse since now
> if someone cracks an apache child process they can tamper with your
> logs)
>
> you need to edit /etc/cron.daily/apache to fix this. (there is a file
> in /etc/apache to fix it so it does not chown them to www-data, but
> that still does not fix the 664/644 permissions.
Thanks for pointing me at the right place. It seems to work OK with root.adm
ownership, too, teh same as (most of) the logs in /var/log.
--
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton
Geek Code 3.1: GCS d- s+: a- C++ UL++$ P+>+++ L+++>++++ E- W--(++) N+ o+
!K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r++ y+
Reply to: