#1965 virtualmin creates files owned by root below directories own

Ken Jay

Apache is configured to log to files within user home

It is a security risk to write to files as root when any part
of the path is not owned by root, as symlink attacks
can cause other files to be overwritten or appended to,
allowing unauthorised changes.

On a new clean install Virtualmin creates the above.

See also under problem.

total 8
drwxr-xr-x 2 testing testing 4096 Feb 24 17:16 .
drwxr-xr-x 6 testing testing 4096 Feb 24 17:16 ..
-rw-r--r-- 1 root root 0 Feb 24 17:16 access_log
-rw-r--r-- 1 root root 0 Feb 24 17:16 error_log

This is particularly quite worrying to me. Is this something
that can be changed?

Ken Jay


    Jamie Cameron - 2005-02-28

    This can be changed if it bothers you - just do the following :

    - Enter the Virtualmin module.
    - Click on Server Templates.
    - Click on the Default Settings template.
    - In the section for Apache directives, change the
    CustomLog line to something like :
    CustomLog /var/log/${DOM}_log common
    - Update the ErrorLog line similarly.
    - Click Save

    From now on, any Virtual servers created will log to files
    under /var/log which cannot be touched by their owners.

    Jamie Cameron - 2005-02-28
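
A way to audit for the condition discussed in this thread, as an added example that is not part of the original report or of Virtualmin: it pulls the CustomLog/ErrorLog targets out of Apache configuration text and reports every ancestor directory that a non-root user controls. The sample uid 1001, the /home/testing/logs path and example.com are constructed assumptions; the helper names are hypothetical.

```python
import os
import re
import stat
from types import SimpleNamespace

LOG_DIRECTIVE = re.compile(r'^[ \t]*(?:CustomLog|ErrorLog)[ \t]+("[^"]+"|\S+)', re.I | re.M)

def log_paths(conf_text):
    """Return file targets of CustomLog/ErrorLog (piped and syslog targets skipped)."""
    targets = (m.group(1).strip('"') for m in LOG_DIRECTIVE.finditer(conf_text))
    return [t for t in targets if not t.startswith(("|", "syslog"))]

def risky_ancestors(path, lstat=os.lstat, trusted_uids=(0,)):
    """List (directory, reason) for each ancestor a non-root user controls."""
    if not os.path.isabs(path):
        raise ValueError("expected an absolute log path: %r" % path)
    dirs, d = [], os.path.dirname(os.path.normpath(path))
    while d not in dirs:  # dirname("/") == "/", so this stops at the root
        dirs.append(d)
        d = os.path.dirname(d)
    findings = []
    for d in reversed(dirs):
        st = lstat(d)  # lstat: inspect the link itself, never its target
        if stat.S_ISLNK(st.st_mode):
            findings.append((d, "symlink, audit its target separately"))
        elif st.st_uid not in trusted_uids:
            findings.append((d, "owned by uid %d" % st.st_uid))
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((d, "group/world writable"))
    return findings

def audit(conf_text, lstat=os.lstat):
    """Map every configured log file to its risky ancestor directories."""
    return {p: risky_ancestors(p, lstat) for p in log_paths(conf_text)}

# Constructed sample: uid 1001 for "testing", the /home/testing/logs path and
# example.com are assumptions, not values from the report.
SAMPLE_FS = {"/": (0, 0o40755), "/home": (0, 0o40755), "/var": (0, 0o40755),
             "/var/log": (0, 0o40755), "/home/testing": (1001, 0o40755),
             "/home/testing/logs": (1001, 0o40755)}
SAMPLE_CONF = """
CustomLog /home/testing/logs/access_log common
ErrorLog /home/testing/logs/error_log
CustomLog /var/log/example.com_log common
"""

def sample_lstat(path):
    uid, mode = SAMPLE_FS[path]
    return SimpleNamespace(st_uid=uid, st_mode=mode)
```

Calling `audit(conf_text)` without the second argument uses the real `os.lstat`, so it can be pointed at the text of an actual virtual host configuration.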
