Security question (best practise)

Discussion in 'General' started by Norman, Nov 2, 2010.

  1. Norman

    Norman HowtoForge Supporter

    I noticed /var/log/ispconfig/cron.log is created as -rw-rw-rw-
    Shouldn't it be -rw-r--r-- ?

    (Just writable by root)
    It'd be pretty bad if someone else writes or tampers with it and it is accidently executed by root using another shell or bypassing the no no execute chmod on it.
     
  2. falko

    falko Super Moderator

    I'd have to ask Till, but I could imagine that the permissions are like that on purpose so that cron jobs run by different users can be logged in the file. But that's just a guess.
     

Share This Page