Description of problem: The cron job runs as root. Version-Release number of selected component (if applicable): 2.01_10-22 How reproducible: 100 % Steps to Reproduce: 1. Run apache to get logs 2. Run webalizer Actual results: Webalizer files owned by root. Expected results: Webalizer files owned by webalizer. Additional info: It would be nice if anaconda enabled posix ACL's on /var and used them to allow webalizer user access to Apache logs.
It would be simplest to make webalizer go setuid(webalizer) after opening input and/or output files, this would mitigate any security issues in the log file parsing code.
Marking as enhancement. It's actually not simple to do that either.
Fedora Core 2 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC3 updates or in the FC4 test release, reopen and change the version to match.
[This is a mass bug update] Fedora Core 2 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC3 or FC4 updates, reopen and change the version to match.