On 2023-03-01 11:08, Crystal Kolipe wrote:
Another small advantage of the examples/* files is that they have the correct
permissions set for the corresponding real configuration file.
So new users who do:
# cp /etc/examples/iked.conf /etc/
# vi /etc/iked.conf
At least get a file which is not world readable by default. If they just
create a new file with vi, then it will have 0644 permissions.
Admittedly a user with such little experience shouldn't be managing a system
where this matters particularly, but having those example files there does at
least mitigate one possible class of problems.
Hi Crystal and list,
Yes, I actually ran into that! I tried writing a basic config in:
/etc/iked.conf from scratch with vim and then did a restart of iked via:
rcctl restart iked.
The restart failed but then the logs pointed me in the right direction
for not having correct permissions.
- J
