Akeeba Backup for Joomla!

#28094 RSFirewall Warnings


Latest post by on Thursday, 10 August 2017 17:17 CDT

sohopros
Description of my issue: We use RSFirewall as a security component and it has a system scan feature. When we run the scan, one of the warnings that it returns is: "You have 71 files with possibly insecure permissions." and then it lists all the Akeeba Backup log files, e.g. administrator/components/com_akeeba/backup/akeeba.cli.id1432.log with permissions set to 666. RSFirewall wants them set to 644 and has a feature to change them - see attached.

1. Is 666 the correct permissions for these files?
2. Can they be changed to 644 without adversely affecting functionality?
3. Akeeba seems to be keeping more log files than necessary. How is the number of log files controlled?

Thanks, SOHO Prospecting Team

dlb
  1. It doesn't really matter, the real access permissions are controlled by the custom .htaccess file in that folder.
  2. You can change the permissions if it makes RSFirewall happy.
  3. The log files should be deleted when the records are deleted from the Manage Backups screen. That's the short answer, it gets really complicated when you get into quotas for multiple backup profiles and failed backups that don't honor the quotas, etc.


Dale L. Brackin
Support Specialist


English: native

Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

My time zone is EST (UTC -5)

sohopros
Hi Dale,
Thanks for the prompt reply. I looked at the custom htaccess file in the /administrator/components/com_akeeba/backup folder and all I see is this:

<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
<RequireAll>
Require all denied
</RequireAll>
</IfModule>

Can you advise on the changes needed to make the log file permissions 644 by default?

Thanks, SOHO Prospecting Team

dlb
I'm sorry, I didn't say that right. The access to the files is controlled by the "Deny from all" settings in the .htaccess file, but that does not affect the permission settings on the files themselves. The .htaccess file denies access from anywhere on the web except your own server. You can't download those log files, or more importantly a backup file, by entering the URL to the file in your browser. You can download them from within Akeeba Backup because it is accessing the folder from your own server.

If RSFirewall has a setting that will change the permissions, that will not hurt anything.


Dale L. Brackin
Support Specialist



sohopros
Hi Dale,
I see now. Well that will be annoying, seeing as, in our case, new log files are created daily and we will have to change the permissions each time we run the check to "make RSFirewall happy". If you can put in a request to make those files read-only to non-owners (644) in a future release, it would be appreciated.

Thanks, SOHO Prospecting Team

dlb
The reason that we create the log files with 666 permissions is to keep the backup from crashing on low quality hosts. Those of us not on low quality hosts are stuck with a fix we don't need. Since this is a log file, just text, the "wrong" permissions do not present any threat to site security. Even if an attacker managed to inject code into the file, it is not executable, so it would still be benign. While RSFirewall is correct that the permission settings are not standard, they are not correct that it represents a security threat.


Dale L. Brackin
Support Specialist



System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
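
The recurring chore discussed in this thread (resetting newly created 666 log files to 644 and confirming the folder's deny rules are still present) can be scripted. This is an added example, not part of the ticket and not Akeeba Backup or RSFirewall code; the function names are hypothetical and the directory argument is assumed to be the backup output folder named above.

```shell
#!/bin/sh
# Added example (not Akeeba or RSFirewall code). Audits a backup output
# directory for log files writable by group/other and resets them to 0644.
# Function names are hypothetical; pass the folder named in the ticket.

# Print every *.log in "$1" that has a group- or other-write bit set.
loose_logs() {
    find "$1" -maxdepth 1 -type f -name '*.log' \
        \( -perm -020 -o -perm -002 \) -print
}

# Succeed only if "$1"/.htaccess carries one of the deny rules quoted in
# the ticket (Apache 2.2 "Deny from all" or 2.4 "Require all denied").
htaccess_denies() {
    [ -f "$1/.htaccess" ] &&
        grep -Eiq '^[[:space:]]*(Require all denied|Deny from all)' "$1/.htaccess"
}

# Reset loose logs to 0644 and echo how many were changed.
# The return status is that of the .htaccess check, so a cron job can
# alert when the web-access block has gone missing.
tighten_logs() {
    dir=$1
    count=$(loose_logs "$dir" | wc -l | tr -d ' ')
    find "$dir" -maxdepth 1 -type f -name '*.log' \
        \( -perm -020 -o -perm -002 \) -exec chmod 644 {} +
    echo "$count"
    htaccess_denies "$dir"
}

# Stand-alone use, e.g. from cron after the nightly backup:
#   sh tighten_logs.sh /path/to/site/administrator/components/com_akeeba/backup
if [ -n "${1:-}" ]; then
    tighten_logs "$1"
fi
```
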
