From: <tm...@ob...> - 2006-12-22 16:29:20
Craig Barratt <cba...@us...> wrote on 12/22/2006 07:29:53 AM:

> Tim writes:
>
> > I have a problem with the permissions on configuration files modified by
> > the BackupPC GUI. The files are given 644 permissions, and owned by
> > backuppc:apache.
> >
> > This is a problem. With 644 permissions, my rsyncd passwords are now
> > world-readable. That is a deal-killer. Also, from my tests it does not
> > seem that apache needs to have group ownership. After all, the CGI script
> > is running setuid as backuppc, right?
>
> It's usually a higher-level directory that protects these
> files from access. Can you check the parent directories?

They are all 755, IIRC. However, I was the one that set them that way: there was a permission problem in getting the system to run in the first place, which I fixed with a chmod -R 755. I don't remember the exact details, but I believe that config.pl was set with permissions that prevented the CGI script from accessing it. However, I had manually set the .pl files to backuppc:backuppc 640.

> In any case, changing the modes to 640 sounds like a good
> idea.

What about group ownership by apache? Is there any reason for this? It doesn't seem like making the file readable by apache is such a good idea. It seems that any user would be able to create a CGI script to read the .pl files. Is there an actual reason for apache to be given group ownership?

However, if changing the permissions on the pc directory will fix this, then I will do that.

Thank you very much for your reply. I eagerly look forward to 3.0.0!

Tim Massey
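
Added example, not part of the original message or of BackupPC: a check for the point discussed in this thread, that a 644 file is only readable by other local users if every parent directory also grants them search (o+x) permission. The function name `world_can_read`, the `conf` directory and the temporary layout are constructed for illustration; only mode bits are examined, so ACLs are assumed absent.

```python
import os
import stat
import tempfile


def world_can_read(path, top="/"):
    """Return (exposed, reason) for a user who is neither owner nor group member.

    Reading needs o+r on the file and o+x (search) on every directory
    between `top` and the file. Mode bits only: ACLs are not consulted.
    """
    path, top = os.path.realpath(path), os.path.realpath(top)
    fmode = os.stat(path).st_mode
    if not fmode & stat.S_IROTH:
        return False, f"file mode {stat.filemode(fmode)} has no o+r"
    d = os.path.dirname(path)
    while True:
        if not os.stat(d).st_mode & stat.S_IXOTH:
            return False, f"directory {d} has no o+x"
        if d == top or d == os.path.dirname(d):
            return True, "o+r on file and o+x on every directory checked"
        d = os.path.dirname(d)


def demo():
    """Build a constructed layout and report exposure for three mode combinations."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        os.chmod(base, 0o755)
        conf = os.path.join(base, "conf")       # constructed directory name
        os.mkdir(conf)
        cfg = os.path.join(conf, "config.pl")   # constructed file, no real secrets
        with open(cfg, "w") as fh:
            fh.write("# constructed sample\n")
        for label, dmode, fmode in [
            ("dir 755, file 644", 0o755, 0o644),  # the situation reported above
            ("dir 750, file 644", 0o750, 0o644),  # parent directory protects the file
            ("dir 755, file 640", 0o755, 0o640),  # file mode protects itself
        ]:
            os.chmod(conf, dmode)
            os.chmod(cfg, fmode)
            results[label] = world_can_read(cfg, top=base)[0]
    return results


if __name__ == "__main__":
    for label, exposed in demo().items():
        print(f"{label}: {'world-readable' if exposed else 'protected'}")
```

Against a real installation, call `world_can_read()` on the configuration file with the default `top="/"` so that every ancestor directory is checked.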