On 21.08.2012 19:51, Bart Martens wrote: > Hi Nick, > > On Tue, Aug 21, 2012 at 09:29:28AM +0100, Nick Leverton wrote: >> Thanks also Bart for reminding me of the other approach. > > My pleasure. > >> (sorry I am >> a bit distracted by home things at the moment). > > No problem at all. > >> diff -Nru nullmailer-1.11/debian/postinst nullmailer-1.11/debian/postinst >> --- nullmailer-1.11/debian/postinst 2012-05-16 08:25:36.000000000 +0100 >> +++ nullmailer-1.11/debian/postinst 2012-08-21 09:07:21.000000000 +0100 >> @@ -24,6 +24,15 @@ >> fi >> >> db_get nullmailer/relayhost >> + # securely create nullmailer/remotes with mode 0600 >> + if [ ! -e /etc/nullmailer/remotes ] >> + then >> + M=$( umask ) >> + umask 077 >> + > /etc/nullmailer/remotes >> + chown mail:mail /etc/nullmailer/remotes >> + umask $M >> + fi >> echo "$RET" | sed -r -e ':a s/(\[[^]:]*):/\1=/; ta' \ >> -e 's/[[:space:]]*:[[:space:]]*/\n/g' \ >> -e ':b s/(\[[^]=]*)=/\1:/; tb' \ > > What if the file already exists : No chmod and no chown needed then ?
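Review bot: the `[ ! -e /etc/nullmailer/remotes ]` guard means the 0600 mode and the `chown mail:mail` apply only to a file this script creates, so a remotes file that already exists keeps whatever mode and owner it had. If leaving existing files alone is deliberate, state that in the comment above the `if` (it currently only says "securely create"); otherwise the upgrade case needs its own handling. A smaller style point in the same block: running `umask 077` and the `> /etc/nullmailer/remotes` redirect inside a subshell would remove the need to save and restore `$M`, and `umask $M` is better written with the variable quoted.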
It's a good question, but I'd say the current code is right. It is the admin's decision to change permission/ownership; we should not alter these decisions. The only problem that remains is the insecure permissions of the previously created file (which is the whole point of this bug report and the upload)...

/mjt