Re: Odd problem with updates to the recent CR

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]




> Date: Wednesday, August 12, 2015 09:28:59 -0400
> From: m.roth@xxxxxxxxx
>
> Jonathan Billings wrote:
>> On Tue, Aug 11, 2015 at 12:59:58PM -0400, m.roth@xxxxxxxxx wrote:
>>> So, since I haven't yet found where /var/log/httpd is created,
>>> what would
>>> a default package make the ownership of the directory? Does it
>>> expect it to be apache:root?
>> 
>> Just a data point:
>> 
>> $ rpm -qp --qf='[%-11{filemodes:perms} %-8{fileusername}
>> %-8{filegroupname} %{filenames}\n]'
>> httpd-2.2.15-45.el6.x86_64.rpm | grep /var/log/httpd
>> 
>> drwx------  root     root     /var/log/httpd
>> 
> Yeah, well, SiteMinder runs as a child of the httpd started by
> service start, so it runs as apache.
> 
> Ask me how much I think of SiteMinder... offlist, if you want the
> rant....
> 
>       mark !@#$@!#$!@#~!@
> 

That's "fine" (within context), but then it shouldn't be able to
write to files in the /var/log/httpd directory. [from something you
posted I got the sense that it owned that directory, which is even
worse (especially for a "security tool"), if that was correct.]

Assuming any ability to configure things, change it's logging to an
application-specific directory.

The long-and-short is that at some point someone/thing changed the
permissions (and maybe ownerships) on /var/log/httpd from the
defaults. [something that i would have assumed would have gone into
your change-management system.]

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux