Re: libpam-mysql, libnss-mysql config files rights
Dans un message du 20 Jan à 15:38, Emmanuel Lacour écrivait :
> Same idea can be applied to /etc/nss-mysql.conf and
> /etc/nss-mysql-root.conf (as explained in the README of the package!)
/etc/nss-mysql-root.conf should be 0600 and owned by root or nss-mysql
will refuse to work. There is no real security bug here.
Concerning nss-mysql.conf, it should be readable by anybody because
everybody should be able to /etc/passwd. However, a side effect of using
nscd allows you to restrict the rights of nss-mysql.conf to the user
under which nscd runs. But if nscd crashes, nss-mysql will stop to work.
HTH.
--
Guillaume Morin <guillaume@morinfr.org>
People get the operating system they deserve.
Reply to: