Dec 08, 2008
Quills weblog admin portlet shouldn't display to non-privileged users.
A bug I encountered with Quills weblog product is the weblog admin portlet being viewable to non-privileged users. This was not a desired result, so off to google I went.
Luckily there was already a diff I could use to patch the offending code in parts/instance/lib/python/quills/app/portlets/weblogadmin.py.
Here is the link to the diff: http://dev.plone.org/collective/changeset/52562/quills.app/trunk/quills/app/portlets/weblogadmin.py?format=diff&new=52562 . Patch the file and the portlet is no longer viewable to non-privileged users.
Dec 03, 2008
Earlier today while logged into irc, someone asked what the repercussions of chmod 644 /var/log/messages would be. Wanting to save someone from themselves (as well as work on my people skills), I replied.
Logs are mostly a security tool and the default permissions are in place as part of the security. I would recommend a tool such as logcheck, which is fairly easy to configure out of the box. It will also mail reports to the user of your choice.
I must be getting into the holiday spirit.
Powered by ScribeFire.