Logs should not be world readable

Description

The log directory should not be world readable. This could post a security concern if you allow untrusted people to log into your server or access your file system on the server in some way. Why you would do that I do not know, but we should use proper permissions none-the-less.

Environment

Unix based installs at a minimum

Activity

Show:
Francisco Vives
January 9, 2008, 10:23 PM

There was an error installing the .deb on debian. The package requires sun-java5-jre but it was installed sun-java6-jre. The package may check for sun-java6-jre | sun-java5-jre. Attached is the installation log deb_installation.log.

After installing the RPM in a Fedora environment, openfire couldn't write the output log because of permission denied.

Daniel Henninger
January 4, 2008, 11:36 AM

Enterprise, check. Done.

Daniel Henninger
January 4, 2008, 11:16 AM

Solaris and Mac, check.

Daniel Henninger
January 4, 2008, 11:13 AM

Debian, check.

Daniel Henninger
January 4, 2008, 11:08 AM

RPM, check.

Fixed

Assignee

Daniel Henninger

Reporter

Daniel Henninger