
Re: Bug#286740: apache: log directory should have same permissions as logfiles (possible information disclosure)



On Wed, 22 Dec 2004, Fabio Massimo Di Nitto said:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> rm@fabula.de wrote:
> | On Wed, Dec 22, 2004 at 11:44:54AM +0100, Fabio Massimo Di Nitto wrote:
> |

it's funny, 'cause both of you have made good points. thing is, i've
already chmodded my apache* log dirs 750 =;). 

this situation is different here though. only people allowed shell
access are trusted people, therefore it doesn't matter much. 

the thing about security is to layer it. the more layers you have, the
better.

say an attacker breaks through one layer, there is yet another few or
several layers they have to get through to actually do any real harm. chmod
750 a log dir may or may not be a part of that. seems it's a touchy
subject... but privacy concerns - for both individuals and organisations
-  are important too. 

how about: either having a short debconf question about chmod 750
/var/log/apache*, and asking yes or no; or, a mention in README.Debian
about it. an admin that wants to do that anyway will do it, and for
others it might give them something to think about. 

(yes this is a proposal *grin*).

-- 
 ,''`.   http://www.debian.org/  GPG Print: 7C49 FD9C 1054 7300 3B7B
 : :' :  Debian GNU/Linux                   8BF4 6A88 7AE2 711D F097
 '
   `-
