Bug#264622: apache2-common: /var/cache/apache2 has wrong permissions
Package: apache2-common
Version: 2.0.50-7
Severity: normal
apache2-common creates /var/cache/apache2 as root:root 755, it
should be www-data:www-data 700
Because:
1) Apache2 runs as www-data and can't access proxy directory since it
is owned by root No data is cached and thus, Apache 2 only acts as a
forward proxy
2) Giving read and execution permissions to others isn't necessary.
Luckily Apache2 creates entries as www-data:www-data 700, so it can't
lead to a security hole.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.7-ck1
Locale: LANG=es_ES, LC_CTYPE=es_ES (ignored: LC_ALL set to es_ES)
Versions of packages apache2-common depends on:
ii debconf 1.4.30 Debian configuration management sy
ii debianutils 2.8.4 Miscellaneous utilities specific t
ii libapr0 2.0.50-7 The Apache Portable Runtime
ii libc6 2.3.2.ds1-15 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-16 Berkeley v4.2 Database Libraries [
ii libexpat1 1.95.6-8 XML parsing C library - runtime li
ii libldap2 2.1.30-3 OpenLDAP libraries
ii libmagic1 4.10-3 File type determination library us
ii libssl0.9.7 0.9.7d-5 SSL shared libraries
ii mime-support 3.28-1 MIME files 'mime.types' & 'mailcap
ii net-tools 1.60-10 The NET-3 networking toolkit
ii openssl 0.9.7d-5 Secure Socket Layer (SSL) binary a
ii ssl-cert 1.0-8 Simple debconf wrapper for openssl
ii zlib1g 1:1.2.1.1-5 compression library - runtime
-- no debconf information
Reply to: