Hi, upstream of rear software installs /etc/rear/ /etc/rear/cert/ and /etc/rear/local.conf with no permissions to group and others, because those may contain sensitive information (I guess encryption key for example) ; details here : https://github.com/rear/rear/issues/1666 I'm wondering about this being the good thing to do, by default, given that there's nothing confidential by default and that it diverges by what is suggested by the policy : https://www.debian.org/doc/debian-policy/#permissions-and-owners - /etc/rear/ and /etc/rear/cert/ : I guess maybe it would make sense for a directory targeted to store keys for example and even in that case, only setting correct permission for the key files themselves would be enough. - local.conf : for configuration file that may contain sensitive information but which default version (from the package) doesn't include anything, does that make sense ? the admin putting sensible information should then change the configuration file permission to reflect that. Also rear/backups in general is a sysadmin activity and hiding all /etc/rear to non-root won't be an issue. And I agree that setting by default restrictive permission may be good as the admin backuping won't even need to take care of that. But this does more than just what's needed (atomic, necessary and sufficient based on the actual content) and deviates from Debian defaults. So I'm a bit confused. Do you know of some Debian usage in that case or if I missed some policy point ? F.
Attachment:
pgpyIQIlA7XmQ.pgp
Description: PGP signature