Details

      Description

      The ejabberd script shipping with the Debian package (see here) explicitly sets the umask to 027 (see line 72 of that file). While this is a real security improvement (e.g. our databases are now no longer world-readable) this breaks mod_muc_log: the log-files created by it are owned by ejabberd:ejabberd, permissions rw-r-----. This of course makes the files unreadable by any webserver, e.g. Apache. I don't want to put Apache into the ejabberd-group either, because then it would b able to read ejabberds database files.

      Would it be possible to add an "umask" option to mod_muc_log that configures what umask will be used for the logfiles?

        Activity

        Hide
        cromain@process-one.net Christophe Romain added a comment -

        thanks for that comment, we'll check this and improve default packaging

        Show
        cromain@process-one.net Christophe Romain added a comment - thanks for that comment, we'll check this and improve default packaging
        Hide
        badlop Badlop added a comment -
        Show
        badlop Badlop added a comment - Reported here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684719
        Hide
        badlop Badlop added a comment -

        A modified patch has been committed to ejabberd git.

        Show
        badlop Badlop added a comment - A modified patch has been committed to ejabberd git.

          People

          • Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development