Univention Bugzilla – Bug 30104
join.log on UCC Desktopclient is world-readable
Last modified: 2013-03-26 09:14:05 CET
root@micke:~# ls -l /var/log/univention/join.log
-rw-r--r-- 1 root root 19242 Jan 22 10:35 /var/log/univention/join.log

This is potentially bad, because the password of the user who was used to join the server is logged in this file. The logfile should only be readable for root. A better solution would be not to log the password at all.

Added

touch /var/log/univention/join.log
chmod 640 /var/log/univention/join.log
chown root:adm /var/log/univention/join.log

to univention-join (and removed set -x from 45univention-join.inst, which caused the password in the join.log).

OK -> join.log is not world readable anymore
OK -> password is not logged anymore

Verified.
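
Added example, not part of the original bug report and not Univention's code: a shell sketch of the two points verified above, creating the log with mode 640 under a restrictive umask and showing that set -x writes a password argument into a log that captures stderr. The temporary paths and the password ConstructedPw123 are constructed, the function names are hypothetical, and chown root:adm is left out because it needs root.

```shell
#!/bin/sh
# Added example, not Univention's code. Paths and the password are constructed.

# Create the log private from the first byte: the umask is set before the
# file exists, so there is no window between creation and chmod.
create_private_log() {
    ( umask 027 && : >>"$1" ) || return 1
    chmod 640 "$1"    # also tightens a file that already existed
}

# Succeeds only if "other" has no permission bits on the file.
not_world_accessible() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    case $mode in *0) return 0 ;; *) return 1 ;; esac
}

# Run a join-like step whose stderr goes to the log, with xtrace on or off.
# Succeeds if the password ended up in the log.
password_in_log() {
    log=$1 trace=$2 pw=$3
    (
        exec 2>>"$log"
        if [ "$trace" = on ]; then set -x; fi
        : "$pw"       # stand-in for passing the password to a join command
    )
    grep -qF -- "$pw" "$log"
}

demo() {
    dir=$(mktemp -d) || return 1
    create_private_log "$dir/join.log"
    not_world_accessible "$dir/join.log" && echo "mode ok"
    password_in_log "$dir/join.log" off ConstructedPw123 || echo "no password without set -x"
    password_in_log "$dir/join.log" on ConstructedPw123 && echo "password logged with set -x"
    rm -rf "$dir"
}
demo
```

A mode check alone would not have caught the second problem: with set -x active the password is still written to the file, only to a smaller audience.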

UCC 1.0 has been released:
http://forum.univention.de/viewtopic.php?f=26&t=2417
http://forum.univention.de/viewtopic.php?f=54&t=2418

If this error occurs again, please use "Clone This Bug".