[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

libpam-mysql, libnss-mysql config files rights



Hi,

I'm just testing mysql authentication with pam and libnss and I saw that
all files in /etc/pam.d/ are 0644 mode. But with libpam-mysql I have to
put in /etc/pam.d/qpopper (for example) login and password of the user
who can show paswords in my database!!!!

So who can tell me one thing which explains we can't make all files in
pam.d 0640 by default. I think it will be a great security Idea as it's
not interesting for a standard user to read those files.

Same idea can be applied to /etc/nss-mysql.conf and
/etc/nss-mysql-root.conf (as explained in the README of the package!) or
other packages config files like lib???-ldap ....



-- 
Easter-eggs                                Spécialiste GNU/Linux
44-46 rue de l'Ouest  -  75014 Paris   -   France -  Métro Gaité
Phone: +33 (0) 1 43 35 00 37    -     Fax: +33 (0) 1 41 35 00 76
mailto:elacour@easter-eggs.com   -    http://www.easter-eggs.com

Attachment: pgpCzhpGHRVRi.pgp
Description: PGP signature


Reply to: