Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#1965 virtualmin creates files owned by root below directories own

1.180
closed
Jamie Cameron
5
2005-02-28
2005-02-24
Ken Jay
No

Apache is configured to log to files within user home
directories

It is a security risk to write to files as root when any part
of the path is not owned by root, as symlink attacks
can cause other files to be overwritten or appended to,
allowing unauthorised changes.

on a new clean install virtualmin creates the above
problem

see also under problem.
http://slacksite.com/apache/logging.html

total 8
drwxr-xr-x 2 testing testing 4096 Feb 24 17:16 .
drwxr-xr-x 6 testing testing 4096 Feb 24 17:16 ..
-rw-r--r-- 1 root root 0 Feb 24 17:16 access_log
-rw-r--r-- 1 root root 0 Feb 24 17:16 error_log

this is particulary quite worrying to me is this something
that can be changed.

ken Jay

Discussion

  • Jamie Cameron
    Jamie Cameron
    2005-02-28

    Logged In: YES
    user_id=129364

    This can be changed if it bothers you - just do the following :

    - Enter the Virtualmin module.
    - Click on Server Templates.
    - Click on the Default Settings template.
    - In the section for Apache directives, change the
    CustomLog line to something like :
    CustomLog /var/log/${DOM}_log common
    - Update the ErrorLog line similarly.
    - Click Save

    From now on, any Virtual servers created will log to files
    under /var/log which cannot be touched by their owners.

     
  • Jamie Cameron
    Jamie Cameron
    2005-02-28

    • status: open --> closed