Bug#396452: [Pkg-awstats-devel] Bug#396452: Run cron script under root.

Charles Fry cfry at debian.org
Mon Nov 6 17:33:56 CET 2006


retitle 396452 facilitate awstats access to log files
severity 396452 wishlist
thanks

> Excuse me.
> 
> from README.Debian:
> > ...
> 
> This all requires manual setup after installing awstats.

Okay. This is making more sense now. ;-) In fact, I think that your
fundamental request is that we simplify this process, which is certainly
fair to ask for.

> Running the cron script under root solves this problem too. The cron script
> will read apache log files with default root rights and write to the awstats
> database with www-data rights, visible to the cgi script. And this will not
> require manual setup after installation.

Remember that awstats can also be accessed as a cgi script, so changing
only the cron script is only a partial solution.

> >In general, running scripts as root should be avoided as that is itself
> >a security problem.
> 
> I don't see any security hole in running the cron script (not cgi) under
> root, because only root can change the cron script or its parameters.

The problem is that you are now giving awstats root access to your entire
machine, which should really be avoided if at all possible. The whole
point of user and group privileges is to prevent unauthorized access to
private information. You are putting a lot of trust in awstats by
running it as root, and it should be avoided if at all possible (and it
is possible in this case).

That said, your high-level request is still applicable: we should
explore ways to simplify the installation process such that manual user
intervention is not required.

Thanks for the report.

Charles

-- 
Thrifty jars for
Stay at homes
Handy tubes
For him
Who roams
Burma-Shave
http://burma-shave.org/jingles/1963/thrifty_jars_for