Bug 5556 - Audit directory setup instructions are insecure
: Audit directory setup instructions are insecure
Status: RESOLVED FIXED
: GRAM
gt2 Gatekeeper/Jobmanager
: 4.0.5
: TeraGrid All
: P3 critical
: ---
Assigned To:
: http://www.globus.org/toolkit/docs/4....
:
:
:
  Show dependency treegraph
 
Reported: 2007-09-12 17:29 by
Modified: 2012-09-12 13:00 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2007-09-12 17:29:39
PreWS audit setup instructions say to create a directory with the permissions
"rws-wsrwx".
This is insecure and allows arbitrary users to ls the files in the directory
and to remove
anyone's files.  More secure perms are "rwx-wx-wt", set using "chmod 1733". 
With these
permissions, a user can create, modify, or delete only their own files, but
they can't even ls
the files in the directory to see what they are.  This is reasonable given that
GRAM2 creates the
files for the user in the first place, and the file-names have large random
integers in them. It
would be very difficult for a user to know the names of their files in order to
alter them.

It would also be good if the instructions suggested that the directory owner be
"globus" or
whichever non-root user will be used to process and load the audit records into
the database.
------- Comment #1 From 2012-09-12 09:22:44 -------
This has been fixed in GRAM5
------- Comment #2 From 2012-09-12 12:02:25 -------
What version of GRAM5.
------- Comment #3 From 2012-09-12 13:00:29 -------
5.2.x