annoying permissions
Russ Allbery
rra at stanford.edu
Tue Dec 3 06:39:16 UTC 2002
Marco d'Itri <md at Linux.IT> writes:
> Why are config files and most binaries not installed world readable? If
> config files are not readable then third party programs can't access the
> spool using the storage API, because files like inn.conf and
> storage.conf can't be read.
I've finally gone and looked at this (two years later), and switched all
the permissions so that only those configuration files that may contain
passwords (like incoming.conf and innfeed.conf) are not world-readable.
Hopefully I didn't introduce any security issues, but I agree with your
argument.
This was waiting for me to rewrite site/Makefile, but that doesn't seem to
be happening any time soon.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the inn-workers
mailing list