Yes, some time ago there was a discussion on the mailing list:
http://lists.alioth.debian.org/pipermail/pkg-awstats-devel/

The bad thing with this approach - we allow awstats access to all @adm
stuff, which is not good.


Sorry, I should have finished reading. It is suggested to be done afterwards:

3) Change awstats.pl to group adm (but beware that you are then
   taking the risk of allowing a CGI-script access to admin stuff on
   the machine!).

adm is used as read-only for logs in the system. I still think this is preferable to allowing all the users to read the Apache logs.

Running the cronjob as adm would only be able to read other logs... not even to write them, even if you manage to craft a log entry that would break the CGI to execute random code as adm.


"that you are then taking the risk of allowing a CGI-script access to admin stuff" sounds more risky than it is.

If you already knew that the adm user is used as log read-only and still think it is a bad idea (or it has been discussed already with such a conclusion), please feel free to close this bug.

Greets

