Bug#191237: No, this could be a security problem.
retitle 191237 Default apache logfiles: world readable yes/no?
tags 191237 =
On Sat, Nov 29, 2003 at 06:30:46PM +0000, Thom May wrote:
> tags 191237 wontfix
> The reason that this is not done is that the logs could contain sensitive data
> such as credit card details. This is also the reason the logs are not world
> As such, I think I won't fix this "bug".
Currently, new logfiles are created by apache with 0640 root.root,
making them root-only readable. Logrotate will create the next one 0644
root.adm, making them world-readable.
This is inconsistent, but more importantly, this completely orthogonal
to what you, Thom, say here, as logfiles now ARE being made
I don't think they should, 0640 root.adm in all cases is a good default.
Jeroen van Wolffelaar