Yeah, 1.3.3c is the version provided by Virtualmin.
If the /var/log/proftpd directory is “750”, the permissions of files inside that wouldn’t matter, as no one would be able to get that far in order to view them.
That said – I’ll shoot Joe an email, and see if he can update the permissions to 640 for the sake of consistency
Yeah, 1.3.3c is the version provided by Virtualmin.
If the /var/log/proftpd directory is “750”, the permissions of files inside that wouldn’t matter, as no one would be able to get that far in order to view them.
That said – I’ll shoot Joe an email, and see if he can update the permissions to 640 for the sake of consistency
While we are at it: On Ubuntu 10.04, with ProFTPD 1.3.2c, the situation is slightly different (yet still potentially problematic).
The ProFTPD logs are put into /var/log/proftpd which is 755 (root:root). All the files inside that directory get 640 (root:root) except for the (currently just one) rotated transfer log xferlog.1 which is 644. Additionally, an empty file xferreport is 644.
I just triggered another log file rotation, now I have xferlog.1 which is now 640, and xferlog.2.gz which is 644.
Something is fishy there. World should not be able to read the rotated and compressed transfer logs.
Well, we may only be able to do something about the CentOS issue, since Virtualmin provides that particular package (CentOS doesn’t have as many packages available to it by default as our Ubuntu systems
However, I don’t see that particular problem you’re describing on my Ubuntu 8.04 system. The logrotation looks like it’s being handled in /etc/cron.monthly/proftpd, by the various “savelog” entries. Do you see anything unusual in the setup there?
Hmm, on Ubuntu 10.04 it’s apparently done differently. Logrotate gets called through /etc/cron.daily/logrotate, and the config pertaining to the ProFTPD transfer log in /etc/logrotate.d/proftpd-basic looks like this:
/var/log/proftpd/xferlog
/var/log/proftpd/xferreport
{
monthly
missingok
rotate 7
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
prerotate
endscript
postrotate
# reload could be not sufficient for all logs, a restart is safer
invoke-rc.d proftpd restart 2>/dev/null >/dev/null || true
# run ftpstats on past transfer log
ftpstats -a -r -l 2 -d -h -f /var/log/proftpd/xferlog.0 2>/dev/null >/var/log/proftpd/xferreport || true
endscript
}