Bugzilla – Bug 5556
Audit directory setup instructions are insecure
Last modified: 2012-09-12 13:00:29
You need to
before you can comment on or make changes to this bug.
PreWS audit setup instructions say to create a directory with the permissions
This is insecure and allows arbitrary users to ls the files in the directory
and to remove
anyone's files. More secure perms are "rwx-wx-wt", set using "chmod 1733".
permissions, a user can create, modify, or delete only their own files, but
they can't even ls
the files in the directory to see what they are. This is reasonable given that
GRAM2 creates the
files for the user in the first place, and the file-names have large random
integers in them. It
would be very difficult for a user to know the names of their files in order to
It would also be good if the instructions suggested that the directory owner be
whichever non-root user will be used to process and load the audit records into
This has been fixed in GRAM5
What version of GRAM5.