Re: [d-security] Re: root's home world readable
On Mon, Jan 21, 2002 at 01:46:58PM -0800, Thomas Bushnell, BSG wrote:
> > There is at least one package in Debian that requires you to put
> > sensitive information in /root. The mysql server package needs you to
> > have a .my.cnf in the /root if you want the logs to rotate. The
> > my.cnf contains the clear text version of the root password to the
> > database.
>
> This is a bug. The file should be in /etc (if, as it sounds like,
> it's a system-wide configuration file).
It is not (a system wide configuration file) but at least in recent
versions you can archive the needed functionality by creating a "debian"
system user with sufficent privileges. This is planned but I though I
implement it after the next freeze (well err, that's what I though half a
year ago, probably the main freeze is far enough away to change it before
testing will be released)
bye,
-christian- / mysql maintainer aka "the one to blame"
--
I am Homer of Borg. Resistance is futi... Mmmmm, donuts!
Reply to: