We're updating the issue view to help you get more done. 

Logs should not be world readable

Description

The log directory should not be world readable. This could post a security concern if you allow untrusted people to log into your server or access your file system on the server in some way. Why you would do that I do not know, but we should use proper permissions none-the-less.

Environment

Unix based installs at a minimum

Acceptance Test - Entry

None

Activity

Show:
Daniel Henninger
January 4, 2008, 11:08 AM

RPM, check.

Daniel Henninger
January 4, 2008, 11:13 AM

Debian, check.

Daniel Henninger
January 4, 2008, 11:16 AM

Solaris and Mac, check.

Daniel Henninger
January 4, 2008, 11:36 AM

Enterprise, check. Done.

Francisco Vives
January 9, 2008, 10:23 PM

There was an error installing the .deb on debian. The package requires sun-java5-jre but it was installed sun-java6-jre. The package may check for sun-java6-jre | sun-java5-jre. Attached is the installation log deb_installation.log.

After installing the RPM in a Fedora environment, openfire couldn't write the output log because of permission denied.

Assignee

Daniel Henninger

Reporter

Daniel Henninger

Labels

None

Expected Effort

None

Ignite Forum URL

None

Components

Fix versions

Priority

Major
Configure