All users have write access to the LGP server code #32
The LGP server code is located at /srv/http/LGP-Server and is currently writable by anyone. This is a security issue because a user could edit the main.py code to do something malicious and it could then be executed. Alternatively, users can read and modify the LGP server database, which is also bad. One possible solution is to only give access to the LGP server devs, namely me and spicecat.

I'm setting the permissions on the LGP server code to only writable by me, and I can give access to anyone that wants it with setfacl.

setfacl -Rm u:spicecat:rwX .

does this nicely, and I'll give other people access if they want it as well.
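
The audit and fix described in this issue, as an added shell example that is not part of the original post or of the LGP server code. The function names are hypothetical, the directory is passed as an argument, and the default-ACL step in grant_dev goes beyond what the issue states.

```shell
#!/bin/sh
# Added example: audit and tighten a service code directory.
# The directory argument is whatever tree you want to check,
# e.g. the /srv/http/LGP-Server path named in the issue.

# Print every non-symlink path under DIR that "other" can write.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Print regular files under DIR that "other" can read (a database file
# showing up here is readable by every local account).
list_world_readable_files() {
    find "$1" -type f -perm -0004 -print
}

# Remove write access for group and other, leaving the owner as the
# only writer through the ordinary mode bits.
lock_down() {
    chmod -R go-w "$1"
}

# Grant one named account access through a POSIX ACL, as in the issue.
# Run this after lock_down: on a path that already has an ACL the group
# bits are the ACL mask, so a later "chmod g-w" would cancel the grant.
# The second command (an addition) sets a default ACL on directories so
# files created later inherit the entry.
grant_dev() {
    setfacl -Rm "u:$2:rwX" "$1"
    find "$1" -type d -exec setfacl -dm "u:$2:rwX" {} +
}

# Report-only mode when called with a single directory argument.
if [ "$#" -eq 1 ]; then
    echo "world-writable:";       list_world_writable "$1"
    echo "world-readable files:"; list_world_readable_files "$1"
fi
```

Running `getfacl` on the directory afterwards shows which named accounts hold write access and what the effective mask is.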