Re: /var/lib/apache/mod-bandwidth world-writable [forwarded]
On Fri, 6 Feb 2004, Philipp Weis wrote:
> Hi,
>
> On 04 Feb 2004, Fabio Massimo Di Nitto <fabbione@fabbione.net> wrote:
> > >From mod-bandwith source/documentation:
> >
> > * 3) Create the following directories with "rwx" permission to everybody :
> > * /tmp/apachebw
> > * /tmp/apachebw/link
> > * /tmp/apachebw/master
>
> Thanks for pointing me to the source documentation. But I do not get it at
> all. Could you please explain why rwx permissions are needed for any user?
> Why isn't a 770 on www-data sufficient? The only reason I can come up with
> is an suexec-enabled apache, but that is as far as I know not the default
> in debian.
It is possible to select suexec or not at install time.
> I'd prefer a more sane default on the write permissions of those
> directories. If 777 permissions are really necessary in some cases, this
> should be added to the mod_bandwidth documentation.
It is already in the code but if you think a note is required we can add
it. I don't see any problem with it.
>
> If you are not sure under what circumstances 777 permissions are required,
> I'd be willing to investigate further.
Yes please. That would be very nice since i am not a mod_bandwith user.
Thanks
Fabio
--
Our mission: make IPv6 the default IP protocol
"We are on a mission from God" - Elwood Blues
http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp00004.html
Reply to: