[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Configuration file with sensitive data (password)

I'm an upstream working on changes to how configuration is handled in our 

There is a daemon that is run at startup* with an init.d script, on its own 
user account*. It supports remote control over TCP (disabled by default), 
with password authentication.

(* where I say "is", I mean "will be". The Debian package is currently as 
barebones as it can be and doesn't even install the program in an easily-
usable form yet)

But where to put the password?

Due to the protocol used during authentication, the daemon needs the pass-
word in plaintext form, it can't be a hash (remote client sends "I want to 
auth", daemon sends nonce, remote client hashes password and nonce, daemon 
compares hashes).

Putting a plaintext password in a world-readable file in /etc would be 
obviously a bad idea. I can't make the config file readable by the daemon 
only either, because the local GUI needs to read it to know what the local 
Unix socket is.

One way to solve it is having two files with different permissions: one with 
the password (readable by the daemon only), and one with everything else 
(world-readable). Another way is having the config file group-readable.
I already need a group for the users who are allowed to manage the daemon 
locally anyway (the Unix socket would be group-accessible).

Any suggestions? Is it common (or a good idea) to have a config file only 
readable by a group?

Reply to: