On Thu, 10 Mar 2011 12:10:32 +0100, Uwe Gansert <u...@suse.de> wrote:
> Hi,
>
> The directories /var/log/cobbler, /var/log/cobbler/tasks and
> /var/log/cobbler/kicklog are owned by the apache/wwwrun user. Is this really
> needed?
> I'm asking because of a potential security risk in that:
> http://article.gmane.org/gmane.comp.security.oss.general/4404
>
> For me it looks like only the cobblerd is writing those and so root:root
> would be sufficient.

I suspect you are correct. We would have to at least let the apache user read, but other than that we should be ok. If no one can think of bad things with this I'll make a commit to do that.

--
Scott Henson
Red Hat CIS Operator
WVU Alum BSAE/BSME
_______________________________________________
cobbler-devel mailing list
cobbler-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/cobbler-devel