On Tue, Dec 03, 2013 at 10:38:09AM +0100, Jérémy Bobbio wrote:
> > Btw, I wonder, I would have expected /etc/bley be 750, not 755 as in
> > your paste above.
>
> Why? The directory should be owned by root:root, as no other users
> should be allowed to add files in the configuration directory. But
On Mon, Dec 02, 2013 at 09:42:24PM +0100, Evgeni Golov wrote:
> > The daemon is run as the `bley` user. So this means that it can rewrite
> > its own configuration file. That's unusal and bad for security.
> >
> > Also, given that the secrets are all in dbconfig-common.conf, why not
> > make bley
Hi lunar!
On Mon, Dec 02, 2013 at 11:03:31AM +0100, Jérémy Bobbio wrote:
> After installing bley, I was a bit puzzled by the permissions given to
> the configuration file:
>
> drwxr-x--- 2 root bley 4096 déc. 2 10:45 bley
> -rw--- 1 bley bley 1101 déc. 2 10:45 bley/bley.conf
> -rw---
Package: bley
Version: 0.1.5-2
Severity: important
Hi!
After installing bley, I was a bit puzzled by the permissions given to
the configuration file:
drwxr-x--- 2 root bley 4096 déc. 2 10:45 bley
-rw--- 1 bley bley 1101 déc. 2 10:45 bley/bley.conf
-rw--- 1 bley root 81 déc. 1 15:
4 matches
Mail list logo
