Like many data-storing daemons with predictable filenames, apt-cacher-ng is vulnerable to symlink attacks and similar malicious actions. Therefore, the user must make sure that the cache and log directories are writable only by the user account under which apt-cacher-ng runs.
As for the program's internal security, apt-cacher-ng has been developed with a certain level of attacks from internal users as well as from malicious outside hosts in mind. However, no guarantees can be made about the security of the program. It is recommended to run apt-cacher-ng under a system account which has no access to any system files outside of the cache and log directories. Refer to the manuals of the administration utilities of your distribution (like start-stop-daemon) to create the required configuration.
If relaxed permissions are required, e.g. to make files group-writeable, this can be established through the appropriate use of the umask command in the startup scripts of apt-cacher-ng (see /etc/default/apt-cacher-ng, for example) and the sticky bit on the cache directories (see the chmod(1) manpage for details).
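
One way to check the directory requirements described above, as an added example that is not part of the apt-cacher-ng documentation. It assumes GNU stat; the paths and account name in the usage comment are assumed Debian-style defaults, and the rule that a group-writable directory must carry the sticky bit is this example's reading of the relaxed-permissions paragraph.

```shell
#!/bin/sh
# Added example: audit one apt-cacher-ng cache or log directory.
# Usage: audit_dir DIR OWNER_UID [relaxed]
# Returns 0 when DIR passes, 1 otherwise; the reason is written to stderr.
# Assumed paths and account name (adjust to your installation):
#   audit_dir /var/cache/apt-cacher-ng "$(id -u apt-cacher-ng)"
#   audit_dir /var/log/apt-cacher-ng   "$(id -u apt-cacher-ng)"
audit_dir() {
    dir=$1 want_uid=$2 policy=${3:-strict}

    # A symlink in place of the directory redirects every write the daemon makes.
    if [ -L "$dir" ]; then
        echo "FAIL $dir: is a symlink" >&2; return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory" >&2; return 1
    fi

    uid=$(stat -c %u "$dir") || return 1    # numeric owner
    mode=$(stat -c %a "$dir") || return 1   # octal mode, e.g. 755 or 1775

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid" >&2; return 1
    fi
    # World-writable is rejected under both policies.
    if [ $(( 0$mode & 0002 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is world-writable" >&2; return 1
    fi
    # Group-writable is accepted only under the relaxed policy, and only
    # together with the sticky bit.
    if [ $(( 0$mode & 0020 )) -ne 0 ]; then
        if [ "$policy" != relaxed ]; then
            echo "FAIL $dir: mode $mode is group-writable" >&2; return 1
        fi
        if [ $(( 0$mode & 01000 )) -eq 0 ]; then
            echo "FAIL $dir: group-writable without sticky bit" >&2; return 1
        fi
    fi
    return 0
}
```

Run it as root or as the service account, once per directory, and pass `relaxed` as the third argument only where group write access is intended.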