Re: Bug#257108: apache: /var/lib/apache/mod-bandwidth/ is world writable
This has been discussed before several time. Here is one:
http://lists.debian.org/debian-apache/2004/02/msg00045.html
On Thu, 1 Jul 2004, Javier Fernández-Sanguino Peña wrote:
> Package: apache-common
> Version: 1.3.31-1
> Priority: important
> Tags: security
>
> I cannot really understand why this is needed:
>
> $ ls -la /var/lib/apache/mod-bandwidth/
> total 16
> drwxrwxrwx 4 www-data www-data 4096 2003-10-20 21:53 .
> drwxr-xr-x 3 root root 4096 2003-10-20 21:53 ..
> drwxrwxrwx 2 www-data www-data 4096 2003-10-14 14:38 link
> drwxrwxrwx 2 www-data www-data 4096 2003-10-14 14:38 master
>
> README.mod_bandwidth just says:
>
> No documentation available!
It is in the source code.
>
> So, is there any reason why mod-bandwith files should be writable by all
> users?
* 3) Create the following directories with "rwx" permission to everybody :
* /tmp/apachebw
* /tmp/apachebw/link
* /tmp/apachebw/master
*
* Note that if any of those directories doesn't exist, or if they can't
* be accessed by the server, the module is totaly disabled except for
* logging an error message in the logfile.
Fabio
--
<user> fajita: step one
<fajita> Whatever the problem, step one is always to look in the error log.
<user> fajita: step two
<fajita> When in danger or in doubt, step two is to scream and shout.
Reply to: