Hi,

upstream of the rear software installs /etc/rear/, /etc/rear/cert/ and /etc/rear/local.conf with no permissions for group and others, because those may contain sensitive information (an encryption key, for example, I guess); details here: https://github.com/rear/rear/issues/1666

I'm wondering whether this is the right thing to do by default, given that there's nothing confidential by default and that it diverges from what is suggested by the policy: https://www.debian.org/doc/debian-policy/#permissions-and-owners

- /etc/rear/ and /etc/rear/cert/: I guess it might make sense for a directory meant to store keys, for example, and even in that case, only setting correct permissions on the key files themselves would be enough.
- local.conf: for a configuration file that may contain sensitive information but whose default version (from the package) doesn't include anything, does that make sense? The admin putting sensitive information there should then change the configuration file permissions to reflect that.

Also, rear/backups in general is a sysadmin activity, and hiding all of /etc/rear from non-root won't be an issue. And I agree that setting restrictive permissions by default may be good, as the admin doing the backups won't even need to take care of that. But this does more than just what's needed (atomic, necessary and sufficient based on the actual content) and deviates from Debian defaults. So I'm a bit confused.

Do you know of some Debian usage in that case, or did I miss some policy point?

F.
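The per-file alternative the message weighs against rear's whole-directory approach (directories and the plain config stay at the Debian defaults of 0755/0644, only files that actually hold secrets are restricted) can be expressed as a small audit-and-harden script. The following is an added example, not code from the rear project, from Debian, or from the poster; it builds a constructed scratch tree that imitates /etc/rear, the file names and contents in it are invented for the demonstration, and the "looks sensitive" heuristic (PEM private-key markers and `_KEY=`/`PASSWORD=`/`PASSPHRASE=` assignments) is an assumption, not something rear itself does.

```shell
#!/bin/sh
# Added example: least-privilege per file instead of per directory.
# Directories keep 0755 and harmless config keeps 0644 (Debian defaults);
# only files whose content looks like a secret are tightened to 0600.
# Everything here runs in a constructed temp tree, never in the real /etc/rear.
set -eu

# Build a constructed scratch tree mimicking /etc/rear (hypothetical layout,
# constructed contents). Prints the tree's path.
setup_tree() {
    tree=$(mktemp -d)
    mkdir -p "$tree/cert"
    # plain configuration: nothing confidential in it
    printf '%s\n' 'BACKUP=NETFS' 'OUTPUT=ISO' > "$tree/local.conf"
    # a config fragment carrying a constructed secret
    printf '%s\n' 'BACKUP_ENCRYPTION_KEY=constructed-not-a-real-secret' > "$tree/secret.conf"
    # a constructed PEM private key
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed' '-----END PRIVATE KEY-----' \
        > "$tree/cert/key.pem"
    # start from the Debian defaults the message refers to
    chmod 0755 "$tree" "$tree/cert"
    chmod 0644 "$tree/local.conf" "$tree/secret.conf" "$tree/cert/key.pem"
    echo "$tree"
}

# List regular files under $1 that are readable by group or others.
world_readable() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) | sort
}

# Succeed if the file's content looks like it holds a secret (assumed heuristic).
looks_sensitive() {
    grep -Eqi 'PRIVATE KEY|_KEY=|PASSWORD=|PASSPHRASE=' "$1"
}

# Tighten only the sensitive files to 0600; leave directories and other files alone.
harden_sensitive_files() {
    find "$1" -type f | while IFS= read -r f; do
        if looks_sensitive "$f"; then
            chmod 0600 "$f"
            echo "restricted: $f"
        fi
    done
}

# Octal permission bits of a path, portable between GNU and BSD stat.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Stand-alone demo: show the tree before and after hardening, then clean up.
demo() {
    t=$(setup_tree)
    echo "readable by group/others before:"; world_readable "$t"
    harden_sensitive_files "$t"
    echo "readable by group/others after:"; world_readable "$t"
    echo "directory mode stays $(mode_of "$t"), local.conf stays $(mode_of "$t/local.conf")"
    rm -rf "$t"
}

[ "${1:-}" = "demo" ] && demo
```

Run it as `sh harden.sh demo` (the file name is just an example). The point of the layout is the one the message makes: after hardening, /etc/rear and local.conf are still readable by everyone, as policy suggests, while the key file and the secret-bearing fragment are root-only. The content heuristic is deliberately simple; a packaging rule would more likely key on known secret-holding paths than on grepping content.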