Your message dated Wed, 26 Jan 2005 22:36:11 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#272102: awstats statistics world-writable, why?
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 17 Sep 2004 13:06:53 +0000
>From [EMAIL PROTECTED] Fri Sep 17 06:06:52 2004
Return-path: <[EMAIL PROTECTED]>
Received: from cpe.atm0-0-0-2421032.0x3ef2dbfa.arcnxx7.customer.tele.dk
(host.kl-teknik.com) [62.242.219.250]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1C8IRw-0000x6-00; Fri, 17 Sep 2004 06:06:52 -0700
Received: from homer.thepenguininvasion.dk
(0x5358aaae.abnxx12.adsl-dhcp.tele.dk [::ffff:83.88.170.174])
(AUTH: PLAIN [EMAIL PROTECTED])
by host.kl-teknik.com with esmtp; Fri, 17 Sep 2004 15:12:19 +0200
id 0002AD09.414AE2B3.0000351F
From: Frederik Dannemare <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: awstats statistics world-writable, why?
Date: Fri, 17 Sep 2004 15:12:08 +0200
User-Agent: KMail/1.6.2
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: Text/Plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Package: awstats
Version: 6.1-2
Severity: normal
Why are the awstats statistics files created world-writable?
mrburns:/etc/awstats# ls -la /var/lib/awstats/
total 10
drwxr-x--- 2 www-data www-data 1024 Sep 17 15:03 .
drwxr-xr-x 22 root root 1024 Sep 17 14:50 ..
=2D -rw-rw-rw- 1 www-data www-data 7580 Sep 17 15:03 awstats092004.txt
I realize that the /var/lib/awstats directory itself is not reachable by=20
users other than www-data, but still: why? It's not sane default=20
permissions, IMO.
B/R,
=2D --=20
=46rederik Dannemare | mailto:[EMAIL PROTECTED]
http://qa.debian.org/developer.php?login=3DFrederik+Dannemare
http://frederik.dannemare.net | http://www.linuxworlddomination.dk
Key fingerprint: BB7B 078A 0DBF 7663 180A F84A 2D25 FAD5 9C4E B5A8
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBSuKoLSX61ZxOtagRAhGrAKCXyEdxK7K7ezaoIbzuuiXO/Z6fBACeI1wR
q9FwNhfuM5inAnt47GdEg7k=3D
=3DIaZQ
=2D----END PGP SIGNATURE-----
---------------------------------------
Received: (at 272102-done) by bugs.debian.org; 26 Jan 2005 21:35:49 +0000
>From [EMAIL PROTECTED] Wed Jan 26 13:35:49 2005
Return-path: <[EMAIL PROTECTED]>
Received: from cpe.atm0-0-0-2421032.0x3ef2dbfa.arcnxx7.customer.tele.dk
(host.kl-teknik.com) [62.242.219.250]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CtupI-0003Ec-00; Wed, 26 Jan 2005 13:35:48 -0800
Received: from homer.thepenguininvasion.dk
(0x5358aaae.abnxx12.adsl-dhcp.tele.dk [::ffff:83.88.170.174])
(AUTH: PLAIN [EMAIL PROTECTED])
by host.kl-teknik.com with esmtp; Wed, 26 Jan 2005 22:35:48 +0100
id 0002ADE7.41F80D34.00000A5C
From: Frederik Dannemare <[EMAIL PROTECTED]>
To: Jonas Smedegaard <[EMAIL PROTECTED]>
Subject: Re: Bug#272102: awstats statistics world-writable, why?
Date: Wed, 26 Jan 2005 22:36:11 +0100
User-Agent: KMail/1.7.1
Cc: [EMAIL PROTECTED]
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=BAYES_01,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
On Tuesday 21 December 2004 15:35, Jonas Smedegaard wrote:
> On 17-09-2004 15:12, Frederik Dannemare wrote:
> > Why are the awstats statistics files created world-writable?
>
> Either it is a packaging error, or a (wrong, IMHO) upstream design
> decision.
>
> Please provide a patch to fix it, if you can. Alternatively I shall
> do so at some point.
>
> Thanks for noticing!
Finally found some time to investigate, and it seems to be the fault of
upstream's choice of default value for variable
SaveDatabaseFilesWithPermissionsForEveryone
So indeed it is an upstream "design" decision. I should have paid closer
attention to the docs, but nonetheless I personally think upstream
should choose not to enable that particular variable by default.
Anyways, it helps that the default DirData (/var/lib/awstats) of the
Debian package defaults to chmod 750, thus protecting the chmod 666
files in there.
Guess it's fair to close this one, but maybe a note about the issue
should be added to README.Debian with the next upload of awstats.
Merely a suggestion.
B/R,
--
Frederik Dannemare | mailto:[EMAIL PROTECTED]
http://qa.debian.org/developer.php?login=Frederik+Dannemare
http://frederik.dannemare.net | http://www.linuxworlddomination.dk
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
