group writable files

[Fred B. <ba...@ae...>]

Hi,

Yesterday, I conducted a security audit on a number of our systems.  In
doing this, I discovered that a number of files in the webmin
directories contained files that were group writable, including a number
of cgi files, such as webmin/postgresql/edit_user.cgi.  This appears to
be true on those systems upgraded via rpm as well as by tarballs.

Is it necessary for any of these files to be group writable?  Could the
permissions be tightened up?

Fred Bacon
Aerodyne Research, Inc.