Openlitespeed changing configuration permission to executable during first startup

#1
HI,
I am working with OLS 1.7.14 on a custom project. I packed it for ubuntu server. During the service start the ols is changing the permission on httpd_config.conf and all sub configurations into executable . First I though it was my sever problem, so i installed the ols on a directadmin server , the same version and I can see the permission also change on directadmin server too.
The ownership of the file is lsadm , even though, it doesn't need executable permission . If any malicious user with lsadm uid can add some code to this conf, it will be disaster . The installation
The installation script on ols is not creating the group of lsadm properly , The groupid is not same as its uid
I happened to see it was added to group 1001 in my serve and 125 in a directatadmin server. There is a chance that a user exists in the server with uid 1001. If some one need to fix the gid issue on lsadm user , you need to create the group with the same uid

This post may or may not be considered a security issue as in ols server. Just my thoughts
 
Top