Page 1 of 1

Idea for System Check Acceptance

Posted: Wed Aug 21, 2019 4:08 pm
by harlan
If I should post this in another category, please let me know.

It might be Really Swell if the System Check Acceptance perhaps asked for *how* the files/directories should be readable/writable, by owner, group, and other.

If any checked file or directory does not match the above "target", perhaps the message could say:

Not {readable,writable} by {owner,group,other} as owner <effective owner>, group <effective group>: /path/to/thing

and perhaps also:

Unexpectedly {readable,writable} by {owner,group,other} as owner <effective owner>, group <effective group>: /path/to/thing

The intent being that if an administrator wants to control access by owner, they should be able to do so. Similarly for group. And finally, many administrators will want to be sure a file is not going to be seen or updated by folks who should not be able to read/write that file.

This would also help the case where the web server is running as an unexpected user/group.

Yes, this could be extended to the executable bit as well, and I'm not sure how useful that is. For example, I see a lot of rwx .php files and I see a lot of rw- .php files.

Re: Idea for System Check Acceptance

Posted: Wed Aug 21, 2019 4:47 pm
by mikeb
Thanks for the suggestion, we will add it to our feature request list.