[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /var/lib/apache/mod-bandwidth world-writable [forwarded]

Hi,

On 04 Feb 2004, Fabio Massimo Di Nitto <fabbione@fabbione.net> wrote:
> >From mod-bandwith source/documentation:
> 
>  * 3) Create the following directories with "rwx" permission to everybody :
>  *    /tmp/apachebw
>  *    /tmp/apachebw/link
>  *    /tmp/apachebw/master

Thanks for pointing me to the source documentation. But I do not get it at
all. Could you please explain why rwx permissions are needed for any user?
Why isn't a 770 on www-data sufficient? The only reason I can come up with
is an suexec-enabled apache, but that is as far as I know not the default
in debian.

I'd prefer a more sane default on the write permissions of those
directories. If 777 permissions are really necessary in some cases, this
should be added to the mod_bandwidth documentation.

If you are not sure under what circumstances 777 permissions are required,
I'd be willing to investigate further.

Thanx

Philipp


-- 
Philipp Weis          pweis@pweis.com
Freiburg, Germany     http://pweis.com/
Reply to: