Bug#277124: apache-common: /var/lib/apache/mod-bandwidth permissions

[Eric Lammerts]

Fabio Massimo Di Nitto wrote:
Eric Lammerts wrote:
| I would read the RTFM you know, if there was any...
There is one copied in several locations:
zless \
/usr/share/doc/apache{,-ssl,-perl,-dbg,-utils,-common}/README.Debian.gz
Whoops, I missed that. I only looked at README.mod_bandwidth. Maybe you 
should remove that file, it only causes confusion. But from the 
README.Debian.gz and the mail threads it refers to it doesn't actually 
become clear why the 777 permissions are needed...

sorry for the noise
Eric

Bug#277124: apache-common: /var/lib/apache/mod-bandwidth permissions

[Eric Lammerts]

Thom May wrote:
Thank you so much, we hadn't noticed we were deliberately creating a
directory with 777 permissions.
(yes, it is necessary, and yes, it is really necessary, and yes it's
absolutely necessary).
Well, maybe you can explain why? This directory is not gonna be accessed 
by anyone except apache, right?

I would read the RTFM you know, if there was any...
Eric

Bug#277124: apache-common: /var/lib/apache/mod-bandwidth permissions

[Eric Lammerts]

Package: apache-common
Version: 1.3.31-6
Postinst creates a /var/lib/apache/mod-bandwidth directory with 0777 
permissions. Is this really necessary? I don't think there should be 
world-writable directory in /var unless it's absolutely necessary.

Eric