Bug 63685 - Webalizer doesn't need root priviages
Webalizer doesn't need root priviages
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: webalizer (Show other bugs)
7.3
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ngo Than
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-04-17 10:09 EDT by Andrew Bartlett
Modified: 2008-05-01 11:38 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-06-06 10:02:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andrew Bartlett 2002-04-17 10:09:40 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020311

Description of problem:
Even if the latest Bugtraq post on webaliser isn't an issue - there is no reason
this product needs to run as root.

At my site, I use webaliser for both httpd and squid logs.  Both are set to run
under an unpriliaged user, via a 'su' wrapper in the crontab. It works fine.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Install webalizer
2. look at system crontab file
3. see webalizer runing with *way* too many privs
	

Actual Results:  Webalizer runs as root

Expected Results:  Webalizer running as unpriviaged user - owning the 'usage'
dir and nothing else.

Additional info:

By default, webserver logs are world-readable.  This may be another bug, but it
does emphisise the fact that we simply don't need root privs to do this job.

Even when logfiles are 'locked down' simply putting webalizer in a 'web-logs'
group (owning the logdir) works quite fine.
Comment 1 Chris Ricker 2002-06-06 10:02:22 EDT
This is still broken in 7.3
Comment 2 Ngo Than 2002-06-21 17:05:18 EDT
it's fixed in 2.01_10-5

Note You need to log in before you can comment on or make changes to this bug.