Package: webfs Version: 1.21+ds1-8.1 Severity: normal Tags: security upstream
I've trying webfsd 1.21 to serve gobby/infinoted files, but due to those problems: http://gobby.0x539.de/trac/ticket/617 https://bugs.archlinux.org/task/18746 People cannot open files easily, and need to open more permissions than necessary. Files are created with umask 077 (only owner reads; not the group), and webfsd only shows links to files in directory listings when the primary GROUP has read permission. Files links should be made when the file is simply readable, because of owner, group or others. This situation (and combination) forces to set owner and group of files to match the primary UID & GID of this webserver. -- System Information: Debian Release: 7.3 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-openvz-042stab084.14-amd64 (SMP w/4 CPU cores) Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages webfs depends on: ii debconf [debconf-2.0] 1.5.49 ii libc6 2.13-38 ii libgcrypt11 1.5.0-5+deb7u1 ii libgnutls26 2.12.20-7 ii ucf 3.0025+nmu3 webfs recommends no packages. webfs suggests no packages. -- debconf information: webfsd/web_conn: webfsd/web_virtual: false webfsd/web_port: webfsd/web_user: www-data webfsd/web_cgipath: webfsd/web_syslog: false webfsd/web_group: www-data webfsd/web_ip: webfsd/web_extras: webfsd/web_index: webfsd/web_timeout: webfsd/web_host: webfsd/web_dircache: webfsd/pending: no webfsd/web_accesslog: webfsd/web_logbuffering: true webfsd/web_root: /srv/ftp -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
