Since doas.conf is a `dangerous file', it seems to make sense to monitor
it daily(8).  I don't know the policy on permissions in the /etc/mtree/*
files.  Anything between 0400 and 0644 would seem to make sense.
/etc/sudoers used to have 0440.  I suggest 0640 so that root can edit
the file (since there is no equivalent of visudo(8)) and members of
wheel can still read the policy as before.

Index: etc/mtree/special
===================================================================
RCS file: /cvs/src/etc/mtree/special,v
retrieving revision 1.113
diff -u -p -r1.113 special
--- etc/mtree/special   3 Jul 2015 22:05:53 -0000       1.113
+++ etc/mtree/special   23 Jul 2015 11:02:27 -0000
@@ -22,6 +22,7 @@ csh.logout    type=file mode=0644 uname=roo
 daily          type=file mode=0644 uname=root gname=wheel
 daily.local    type=file mode=0644 uname=root gname=wheel optional
 dhcpd.conf     type=file mode=0644 uname=root gname=wheel optional
+doas.conf      type=file mode=0640 uname=root gname=wheel optional
 dvmrpd.conf    type=file mode=0600 uname=root gname=wheel optional
 exports                type=file mode=0644 uname=root gname=wheel optional
 fbtab          type=file mode=0644 uname=root gname=wheel
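Review bot: The added doas.conf line pins mode=0640, while the message itself says anything between 0400 and 0644 would seem sensible, so a doas.conf installed with a stricter mode such as 0600 (the mode the neighbouring dvmrpd.conf entry uses) would be reported as a mismatch against this entry. Since the 0640 choice rests on wheel members being able to read the policy, it is worth confirming that this is the intended policy for the file before committing the mode here. The placement between dhcpd.conf and dvmrpd.conf keeps the list in alphabetical order, and "optional" matches the other configuration files that may be absent.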
