Red Hat Bugzilla – Bug 112774
Access rights of /etc/squirrelmail/config.php
Last modified: 2007-11-30 17:10:34 EST
Description of problem:
When using MySQL or another database as a back-end to SquirrelMail,
/etc/squirrelmail/config.php contains the database name and password.
So it's access rights should be limited (now root:root 644, so anyone
can read this, and screw up the SquirrelMail database).
Since Apache (running as apache:apache) should still be able to read
this file, its rights could for example be changed to root:apache 640.
I fixed this in FC2, but I'm not going to errata it for the simple
reason that rpm won't change the permissions during the upgrade.