Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Logs should not be world readable

Description

The log directory should not be world readable. This could post a security concern if you allow untrusted people to log into your server or access your file system on the server in some way. Why you would do that I do not know, but we should use proper permissions none-the-less.

Environment

Unix based installs at a minimum

Attachments

1

Activity

Show:

Francisco Vives January 9, 2008 at 10:23 PM

There was an error installing the .deb on debian. The package requires sun-java5-jre but it was installed sun-java6-jre. The package may check for sun-java6-jre | sun-java5-jre. Attached is the installation log deb_installation.log.

After installing the RPM in a Fedora environment, openfire couldn't write the output log because of permission denied.

Daniel Henninger January 4, 2008 at 11:36 AM

Enterprise, check. Done.

Daniel Henninger January 4, 2008 at 11:16 AM

Solaris and Mac, check.

Daniel Henninger January 4, 2008 at 11:13 AM

Debian, check.

Daniel Henninger January 4, 2008 at 11:08 AM

RPM, check.

Fixed

Details

Assignee

Reporter

Components

Fix versions

Priority

Created December 29, 2007 at 12:41 AM
Updated January 11, 2008 at 7:45 AM
Resolved January 11, 2008 at 7:45 AM