From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020311 Description of problem: Even if the latest Bugtraq post on webaliser isn't an issue - there is no reason this product needs to run as root. At my site, I use webaliser for both httpd and squid logs. Both are set to run under an unpriliaged user, via a 'su' wrapper in the crontab. It works fine. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Install webalizer 2. look at system crontab file 3. see webalizer runing with *way* too many privs Actual Results: Webalizer runs as root Expected Results: Webalizer running as unpriviaged user - owning the 'usage' dir and nothing else. Additional info: By default, webserver logs are world-readable. This may be another bug, but it does emphisise the fact that we simply don't need root privs to do this job. Even when logfiles are 'locked down' simply putting webalizer in a 'web-logs' group (owning the logdir) works quite fine.
This is still broken in 7.3
it's fixed in 2.01_10-5