[Kolab-devel] [issue558] kolab.conf has wrong permissions after update

Bernhard Herzog kolab-issues at intevation.de
Fri Dec 3 13:28:52 CET 2004


New submission from Bernhard Herzog <bh at intevation.de>:

On one on the machines I've updated to the new kolab packages (from 20041201)
the kolab.conf file is readable for all after the update.  The likely reason
this happened is that the kolabd rpm installed a new kolab.conf with permissions
644 and made a backup copy kolab.conf.rpmsave which still had the 600
permissions.  At some point I moved all the *.rpmsave files away and later
simply copied the kolab.conf.rpmsave over the new kolab.conf so that I could run
kolabconf.

To solve this I suggest two things: 

 - A script that checks the permissions of all files that may contain passwords 
   or other sensitive information.  This script should be run from e.g. 
   kolabconf but it should also be possible to run it manually.

 - Second, the kolabd rpm should install kolab.conf with 600 permissions.
   The spec file currently has 644 for kolab.conf.

----------
assignedto: steffen
messages: 3189
nosy: bh, steffen
priority: urgent
status: unread
title: kolab.conf has wrong permissions after update
topic: proko2, server
________________________________________________
Kolab issue tracker <kolab-issues at intevation.de>
<https://intevation.de/roundup/kolab/issue558>
________________________________________________




More information about the devel mailing list