Author Topic: backup access rights (all users can access)  (Read 9724 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
backup access rights (all users can access)
« on: June 06, 2016, 08:34:17 AM »
Hello.


I am not sure if this problem only affects me or if it's a general problem:

The backup folder and the files created in the backup folder are owned by root:root, however they are readable for all other users.

I did
chmod -R o-rx /backup
now to fix this myself.

I think if possible this should be changed in CWP, since if one user is compromised the user will be able to read all the files of the other users from the backup folder, which includes database settings / passwords and so on.

Offline
***
Re: backup access rights (all users can access)
« Reply #1 on: July 08, 2017, 06:06:16 PM »
I second this change.
I right now test, and my server has this problem too.