-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/15/2011 09:07 AM, Johannes Weberhofer wrote:
> Dear all,
>
> I'm currently doing some packaging work for vpopmail, and have reviewed
> the file properties. I have seen, that all files (except vusaged in 5.5)
> have the properties set to "-rwx--x--x 1 vpopmail vchkpw". Shouldn't
> that be more restrictive? E.g. set to 0750 or even owned by root? In an
> older package of mine (it was 5.4.25) I have set it to 0750 root.root,
> which did never cause any problems.
You may set the permissions how you like, but there's really nothing
secret contained within the vusaged binary in 5.5. The permissions
you're referring to, which have been kept from 5.4 just because there's
no reason to change them, were there because the binaries statically
linked authentication mechanisms that sometimes had hard-coded
authentication values in them.
5.5 binaries do not statically link against the authentication backend.
In this case, you would be concerned about permissions on the shared
objects used for authentication.
> Regarding the FHS, I think those binaries should be moved to /usr/sbin.
> What do you think?
>
> Regarding the documentation I'd recommend to change the examples to
> install vpopmail into /var/lib/vpopmail, following the FHS 2.3 section 5.1.
What examples are you referring to?
- --
/*
Matt Brookings <m...@inter7.com> GnuPG Key FAE0672C
Software developer Systems technician
Inter7 Internet Technologies, Inc. (815)776-9465
*/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk2oUscACgkQIwet2/rgZyyVeQCcCyKX+Tw4921dzod5E7vYk3Y7
p8oAnAgxKHWK0z/VeihdSU6e3v+5UarO
=DeIG
-----END PGP SIGNATURE-----
