Default /etc/dolibarr/conf.php from Dolideb is user readable #16131

Closed
jhaand opened this issue Feb 1, 2021 · 1 comment

jhaand commented Feb 1, 2021

After a new installation of Dolibarr via Dolideb the configuration file /etc/dolibarr/conf.php is user readable. Since this file also has the password for the database in plaintext, this issue forms a security hazard.

See the contents of the /etc/dolibarr directory on my machine.

user@thinktop2:/etc/dolibarr$ ls -l
total 12
-rw-rw-r-- 1 root www-data 1702 Feb  1 12:59 conf.php
-rw-rw---- 1 root www-data 1840 Feb  1 12:39 install.forced.php
-rw-r--r-- 1 root root     1875 May 12  2015 install.forced.php.install
user@thinktop2:/etc/dolibarr$ 

I use Dolibarr 13.0.0-4 on Debian Bullseye.

I would suggest changing the permissions for this file to 0660.
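
A check an administrator could run to confirm the exposure reported above and apply the suggested 0660 mode. This is an added example, not part of the original issue or of the Dolibarr project's code. The function names are hypothetical, and the demo works on a constructed scratch directory that copies the modes from the listing instead of touching /etc/dolibarr.

```shell
#!/bin/sh
# Added example (not from the Dolibarr project): audit and tighten config-file modes.

# Octal mode of a file: GNU stat (Debian) first, BSD stat as a fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Report whether users outside the owner and group can access the file.
# Returns 0 = no bits set for "other", 1 = exposed, 2 = not a regular file.
audit_conf() {
    [ -f "$1" ] || { echo "MISSING $1"; return 2; }
    mode=$(file_mode "$1")
    case $mode in
        *0) echo "OK $1 mode=$mode"; return 0 ;;   # last octal digit is 0
        *)  echo "EXPOSED $1 mode=$mode"; return 1 ;;
    esac
}

# List every regular file under a directory that "other" can read (POSIX find).
list_world_readable() {
    find "$1" -type f -perm -004 | sort
}

# Apply the mode suggested in the issue; owner and group are left unchanged.
harden_conf() {
    chmod 0660 "$1"
}

# Constructed demo: a scratch directory with the modes shown in the listing.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/conf.php";                   chmod 0664 "$d/conf.php"
    : > "$d/install.forced.php";         chmod 0660 "$d/install.forced.php"
    : > "$d/install.forced.php.install"; chmod 0644 "$d/install.forced.php.install"
    audit_conf "$d/conf.php" || true     # reported as EXPOSED, mode=664
    list_world_readable "$d"             # every file with the o+r bit set
    harden_conf "$d/conf.php"
    audit_conf "$d/conf.php" || true     # reported as OK, mode=660
    rm -rf "$d"
}

demo
```

On a real install, `audit_conf /etc/dolibarr/conf.php` can be run by any user, while `harden_conf` needs root because the file is owned by root.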

jhaand changed the title from "Default /etc/dolibarr/conf.php from dolidebb is user readable" to "Default /etc/dolibarr/conf.php from Dolideb is user readable" on Feb 1, 2021
eldy closed this as completed in 2f5eb2a on Feb 1, 2021
eldy added a commit that referenced this issue on Feb 1, 2021

jhaand commented Feb 3, 2021

Thanks for the quick response.
