[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#684732: unblock: nut/2.6.4-2

Hi Laurent and Julien,

2012/11/11 Laurent Bigonville <bigon@debian.org>
Le Sun, 11 Nov 2012 19:06:52 +0100,
Julien Cristau <jcristau@debian.org> a écrit :

> One more question...
>
> On Mon, Aug 13, 2012 at 15:36:14 +0200, Laurent Bigonville wrote:
>
> > +    for file in nut.conf upsmon.conf upssched.conf ; do
> > +        if [ -f /etc/nut/$file ] ; then
> > +            chown root:nut /etc/nut/$file
> > +            chmod 640 /etc/nut/$file
> > +        fi
> > +    done
>
> why is this is done unconditionally on postinst configure, instead of
> just on first install?

These files could contains passwords, I guess that this is done to be
really sure the files are not world readable? Arnaud?

this is indeed to enforce security on these files, as Laurent said:
ups.conf may contains SNMP credentials, upsd.users and upsmon.conf contain NUT internal users password.

Thus, it's *mandatory* to ensure protection. The above is just a test upon install / update, but the same is planned for the configuration editing library and tools (work underway).

cheers,
Arnaud
--
Linux / Unix / Opensource Engineering Expert - Eaton - http://opensource.eaton.com
Network UPS Tools (NUT) Project Leader - http://www.networkupstools.org
Debian Developer - http://www.debian.org
Free Software Developer - http://arnaud.quette.fr

Reply to: