Hi
This option is great however I believe it should be tweaked slightly to enable it to be used more readily in a production environment
# If this option is enabled, the directory identified by LF_SCRIPT_ALERT will
# be chmod 0 and chattr +i to prevent it being accessed. Set the option to 1
# to enable.
#
# WARNING: This option could cause serious system problems if the identified
# directory is within the OS directory hierarchy. For this reason we do not
# recommend enabling it unless absolutely necessary.
LF_SCRIPT_PERM = "0"
On most servers it is unusual for system directories to used to send out spams from scripts (not unheard of but unusual), to this effect having the options to set the root directories where this option works would enable people just to set it for /home/
This would cover off in our case 99.999% of scripts used to generate spam without having to possibly impact system directories, other users may want to be able to set other directories so this option should probably have the ability to set multiple directory structures where you do want this enabled.
IE
LF_SCRIPT_PERM_BLOCK="/home,/home2,/usr/local"
Ideally we would still be warned of problems not contained within these directories still
Mike
Lf_script_perm
-
MichaelShanks
- Junior Member
- Posts: 5
- Joined: 17 May 2010, 10:46
Re: Lf_script_perm
Hi
I was wondering if there was any feedback for this suggestion?
I think it would be a useful addition and improve the functionality and our confidence in a part of the application that is known as risky to use.
Mike
I was wondering if there was any feedback for this suggestion?
I think it would be a useful addition and improve the functionality and our confidence in a part of the application that is known as risky to use.
Mike
Re: Lf_script_perm
We don't have any plans for changing the LF_SCRIPT* options at this time.