Hello all,
I encountered an issue with the conf.php file. Dolibarr puts out the following message: "Warning, your config file (htdocs/conf/conf.php) can be overwritten by the web server. Change the access to read only.
I know this problem can be fixed by setting the configuration file to read only.
However, the dolibarr.postinst script from the debian installer intentionally sets the conf.php to write:
mkdir -p /etc/dolibarr
touch /etc/dolibarr/conf.php
chown root:www-data /etc/dolibarr/conf.php
chmod 660 /etc/dolibarr/conf.php
Apparently, said script hasn’t been updated since 2015.
Are the developers aware that the script above causes said security risk?
I would be grateful for an answer and/or a bug fix.