<div dir="ltr">What's wrong with non-xymon users executing these commands? What harm could it do?</div><div class="gmail_extra"><br><br><div class="gmail_quote">On 1 March 2013 08:59, Andrey Chervonets <span dir="ltr"><<a href="mailto:a.chervonets@cominder.eu" target="_blank">a.chervonets@cominder.eu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<font face="Arial">upgraded XyMon (clinet) to 4.3.10 (the same was
at least in 4.3.5) and notices all files in bin can read and
execute privileges to everyone:<br>
<br>
ls -l client/bin/<br>
total 1840<br>
-rwxr-xr-x 1 xymon monitor <a href="tel:161079" value="+61161079" target="_blank">161079</a> Feb 28 21:08 clientupdate<br>
-rwxr-xr-x 1 xymon monitor 200250 Feb 28 21:08 logfetch<br>
-rwxr-xr-x 1 xymon monitor 151256 Feb 28 21:08 msgcache<br>
-rwxr-xr-x 1 xymon monitor 153905 Feb 28 21:08 orcaxymon<br>
-rwxr-xr-x 1 xymon monitor 156173 Feb 28 21:08 xymon<br>
-rwxr-xr-x 1 xymon monitor <a href="tel:133445" value="+61133445" target="_blank">133445</a> Feb 28 21:08 xymoncfg<br>
....<br>
<br>
I suppose it depends on umask setting during installation, but I
would be more happy if installation process setup more secured
configuration regardless of default settings.<br>
At least: </font><font face="Arial"><font face="Arial">-rwxr-x---<br>
<br>
</font><br>
</font>
</div>
<br>_______________________________________________<br>
Xymon mailing list<br>
<a href="mailto:Xymon@xymon.com">Xymon@xymon.com</a><br>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>
<br></blockquote></div><br></div>