Security question (best practise)

Discussion in 'General' started by Norman, Nov 2, 2010.

  1. Norman

    Norman Member HowtoForge Supporter

    I noticed /var/log/ispconfig/cron.log is created as -rw-rw-rw-
    Shouldn't it be -rw-r--r-- ?

    (Just writable by root)
    It'd be pretty bad if someone else writes or tampers with it and it is accidently executed by root using another shell or bypassing the no no execute chmod on it.
  2. falko

    falko Super Moderator ISPConfig Developer

    I'd have to ask Till, but I could imagine that the permissions are like that on purpose so that cron jobs run by different users can be logged in the file. But that's just a guess.

Share This Page