This has been discussed before several time. Here is one: http://lists.debian.org/debian-apache/2004/02/msg00045.html
On Thu, 1 Jul 2004, Javier Fernández-Sanguino Peña wrote: > Package: apache-common > Version: 1.3.31-1 > Priority: important > Tags: security > > I cannot really understand why this is needed: > > $ ls -la /var/lib/apache/mod-bandwidth/ > total 16 > drwxrwxrwx 4 www-data www-data 4096 2003-10-20 21:53 . > drwxr-xr-x 3 root root 4096 2003-10-20 21:53 .. > drwxrwxrwx 2 www-data www-data 4096 2003-10-14 14:38 link > drwxrwxrwx 2 www-data www-data 4096 2003-10-14 14:38 master > > README.mod_bandwidth just says: > > No documentation available! It is in the source code. > > So, is there any reason why mod-bandwith files should be writable by all > users? * 3) Create the following directories with "rwx" permission to everybody : * /tmp/apachebw * /tmp/apachebw/link * /tmp/apachebw/master * * Note that if any of those directories doesn't exist, or if they can't * be accessed by the server, the module is totaly disabled except for * logging an error message in the logfile. Fabio -- <user> fajita: step one <fajita> Whatever the problem, step one is always to look in the error log. <user> fajita: step two <fajita> When in danger or in doubt, step two is to scream and shout.