Bug 5556 – Audit directory setup instructions are insecure

Bug 5556 - Audit directory setup instructions are insecure

Summary:

Audit directory setup instructions are insecure

Status:	RESOLVED FIXED

Product:	GRAM
Component:	gt2 Gatekeeper/Jobmanager
Version:	4.0.5
Platform:	TeraGrid All

Importance:	P3 critical
Target Milestone:	---
Assigned To:	Stuart Martin

URL:	http://www.globus.org/toolkit/docs/4....
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2007-09-12 17:29 by John-Paul Navarro
Modified:	2012-09-12 13:00 (History)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From John-Paul Navarro 2007-09-12 17:29:39

PreWS audit setup instructions say to create a directory with the permissions
"rws-wsrwx".
This is insecure and allows arbitrary users to ls the files in the directory
and to remove
anyone's files.  More secure perms are "rwx-wx-wt", set using "chmod 1733". 
With these
permissions, a user can create, modify, or delete only their own files, but
they can't even ls
the files in the directory to see what they are.  This is reasonable given that
GRAM2 creates the
files for the user in the first place, and the file-names have large random
integers in them. It
would be very difficult for a user to know the names of their files in order to
alter them.

It would also be good if the instructions suggested that the directory owner be
"globus" or
whichever non-root user will be used to process and load the audit records into
the database.

------- Comment #1 From Joe Bester 2012-09-12 09:22:44 -------

This has been fixed in GRAM5

------- Comment #2 From John-Paul Navarro 2012-09-12 12:02:25 -------

What version of GRAM5.

------- Comment #3 From Joe Bester 2012-09-12 13:00:29 -------

5.2.x