Configuration file with sensitive data (password)
I'm an upstream working on changes to how configuration is handled in our
program.
There is a daemon that is run at startup* with an init.d script, on its own
user account*. It supports remote control over TCP (disabled by default),
with password authentication.
(* where I say "is", I mean "will be". The Debian package is currently as
barebones as it can be and doesn't even install the program in an
easily-usable form yet)
But where to put the password?
Due to the protocol used during authentication, the daemon needs the
password in plaintext form; it can't be a hash (remote client sends "I want to
auth", daemon sends nonce, remote client hashes password and nonce, daemon
compares hashes).
Putting a plaintext password in a world-readable file in /etc would be
obviously a bad idea. I can't make the config file readable by the daemon
only either, because the local GUI needs to read it to know what the local
Unix socket is.
One way to solve it is having two files with different permissions: one with
the password (readable by the daemon only), and one with everything else
(world-readable). Another way is having the config file group-readable.
I already need a group for the users who are allowed to manage the daemon
locally anyway (the Unix socket would be group-accessible).
Any suggestions? Is it common (or a good idea) to have a config file only
readable by a group?
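An added example, not part of the original post or the program's own code: a sketch of the two-file option, where the daemon refuses a password file that anyone but its own user can access, followed by the nonce exchange that forces the password to be stored in plaintext. The file name, the SHA-256 `nonce + password` construction and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os, secrets, stat, tempfile

def load_secret(path, daemon_uid):
    """Read the daemon-only password file; refuse it if anyone else could read it."""
    with os.fdopen(os.open(path, os.O_RDONLY | os.O_NOFOLLOW), "rb") as f:
        st = os.fstat(f.fileno())  # inspect the opened file, not the path (no check/use race)
        if not stat.S_ISREG(st.st_mode) or st.st_uid != daemon_uid:
            raise PermissionError(f"{path}: must be a regular file owned by the daemon user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path}: group/other access bits set, expected 0600")
        return f.read().rstrip(b"\n")

def response(password, nonce):
    # Assumed construction: the post only says the client "hashes password and nonce".
    return hashlib.sha256(nonce + password).digest()

def verify(password, nonce, client_response):
    # The daemon recomputes the hash, which is why it needs the plaintext password.
    # compare_digest avoids leaking the match position through timing.
    return hmac.compare_digest(response(password, nonce), client_response)

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "daemon.secret")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(b"constructed-sample-password\n")  # constructed sample value
        os.chmod(path, 0o640)  # group-readable: rejected by the daemon-only check
        try:
            load_secret(path, os.getuid())
            results["group_readable_rejected"] = False
        except PermissionError:
            results["group_readable_rejected"] = True
        os.chmod(path, 0o600)  # daemon-only: accepted
        password = load_secret(path, os.getuid())
        nonce = secrets.token_bytes(16)  # fresh per authentication attempt
        good = response(password, nonce)
        results["good"] = verify(password, nonce, good)
        results["wrong_password"] = verify(password, nonce, response(b"guess", nonce))
        # A captured response is useless against a new nonce.
        results["replayed"] = verify(password, secrets.token_bytes(16), good)
    return results

if __name__ == "__main__":
    print(demo())
```

Everything the local GUI needs, such as the Unix socket path, would stay in the separate world-readable file, so the GUI never has to open the password file.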