infrastructure

mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-09-25 04:01:21 +02:00

History

Giancarlo Razzolini ff27e416e7 roles/*: Fix nginx log dir permissions To correctly be safe for CVE-2016-1247, we need all nginx log dirs to be owned by both user and group root. Also, since nginx childs runs as http user, the directories permissions must be 0755, so the http user can descent into it. Since the logrotate will create the log files as http:log, the nginx childs will be able to write to the logs, but will not be able to create files inside those dirs, fully preventing CVE-2016-1247.	2017-02-10 09:15:42 -02:00
..
main.yml	roles/*: Fix nginx log dir permissions	2017-02-10 09:15:42 -02:00

Giancarlo Razzolini ff27e416e7

To correctly be safe for CVE-2016-1247, we need all nginx log dirs
to be owned by both user and group root. Also, since nginx childs
runs as http user, the directories permissions must be 0755, so the
http user can descent into it. Since the logrotate will create the
log files as http:log, the nginx childs will be able to write to the
logs, but will not be able to create files inside those dirs, fully
preventing CVE-2016-1247.

2017-02-10 09:15:42 -02:00

main.yml

roles/*: Fix nginx log dir permissions

2017-02-10 09:15:42 -02:00