Message ID | 20200509060642.4551-1-alexander.marx@ipfire.org |
---|---|
State | Superseded |
Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 49JxYH6W9Dz3xyP for <patchwork@web04.haj.ipfire.org>; Sat, 9 May 2020 06:06:59 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 49JxYG0PPFz252; Sat, 9 May 2020 06:06:57 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 49JxYF5Tldz2yl7; Sat, 9 May 2020 06:06:57 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 49JxYD204Dz2yNP for <development@lists.ipfire.org>; Sat, 9 May 2020 06:06:56 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 49JxYC13rLz1PT; Sat, 9 May 2020 06:06:55 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1589004415; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc; bh=2ZhHynvz1xLhu+3CYxWAvrCJiWAdROGcKA9Aw4OX4vM=; b=eobzyIfx+jqxxyJWKuoPls47nGHIOsFaeON91x9SRASSZ0yNYzqwWExbrT0caA39ImEUxP gLZF4+sPHwSaS1AQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1589004415; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc; bh=2ZhHynvz1xLhu+3CYxWAvrCJiWAdROGcKA9Aw4OX4vM=; b=e/GNhMV7HChvFh1G0v9d60xqjIp3lMsn+fzs3uDr1vn0q8lRqpFwlR0VB1yeQU/C+EVtwi Fc+Eaamllh0Eh3HYRVA6DxXRPW10Ut7xHcUljpbbwu7WymLNeiDkHnyVmTpu9AlPSoJOke BW/RC53bxfW/d4bLVSVpJz9lk8omTI5ZIvfFGU9y/Ezx1Nc/iiyOOlN0fEIVF1k54FFkZ+ zmU1ndbhtmTabudgjUkDykdXWf/l/PIhmbopKz7S/XY6cqzl6nzomquykugXi/DQ450PKD I8qGJeWMFvg7SErfz6ZVKextxU+Jo3PfgOZVlrrdhK7lJ/h+Hd0fJm8iVP4gLQ== From: Alexander Marx <alexander.marx@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] BUG12403: Fix permissions of DMA configfile Date: Sat, 9 May 2020 08:06:42 +0200 Message-Id: <20200509060642.4551-1-alexander.marx@ipfire.org> Authentication-Results: mail01.ipfire.org; auth=pass smtp.mailfrom=alexander.marx@ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Cc: Alexander Marx <amarx@ipfire.org> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
Series |
BUG12403: Fix permissions of DMA configfile
|
|
Commit Message
Alexander Marx
May 9, 2020, 6:06 a.m. UTC
From: Alexander Marx <amarx@ipfire.org>
Change read permissions of dma configfile so other users are able to read it.
Needed for Addons like WIO to send Mails.
FIXES: #12403
---
lfs/dma | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Comments
Hello, > On 9 May 2020, at 07:06, Alexander Marx <alexander.marx@ipfire.org> wrote: > > From: Alexander Marx <amarx@ipfire.org> Your Git is set up with a different email address for commits than what you are using for email. Is this intentional? > Change read permissions of dma configfile so other users are able to read it. > Needed for Addons like WIO to send Mails. I am not sure if this patch is a good idea. We will make the credentials readable for everyone. What would probably work better is a group called “mail” which nobody and wio will be a member of so that they can read the configuration file. Others still won’t be able to read it. What do you think about this solution? Best, -Michael > > FIXES: #12403 > --- > lfs/dma | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/lfs/dma b/lfs/dma > index aceb2704e..6b5d9bfbf 100644 > --- a/lfs/dma > +++ b/lfs/dma > @@ -24,7 +24,7 @@ > > include Config > > -VER = 0.12 > +VER = 0.13 > > THISAPP = dma-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -80,6 +80,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > install -v -m 755 $(DIR_SRC)/config/dma/dma-cleanup-spool /usr/sbin > chown -R nobody.nobody /var/ipfire/dma > chown nobody.root /var/ipfire/dma/auth.conf > + chmod 644 /var/ipfire/dma/auth.conf > ln -svf dma /usr/sbin/sendmail.dma > /usr/sbin/alternatives --install /usr/sbin/sendmail sendmail /usr/sbin/sendmail.dma 20 > @rm -rf $(DIR_APP) > -- > 2.17.1 >
Am 11.05.20 um 10:35 schrieb Michael Tremer: > Hello, > >> On 9 May 2020, at 07:06, Alexander Marx <alexander.marx@ipfire.org> wrote: >> >> From: Alexander Marx <amarx@ipfire.org> > Your Git is set up with a different email address for commits than what you are using for email. Is this intentional? There were some confusions when i set up the accounts in the beginning.... >> Change read permissions of dma configfile so other users are able to read it. >> Needed for Addons like WIO to send Mails. > I am not sure if this patch is a good idea. We will make the credentials readable for everyone. > > What would probably work better is a group called “mail” which nobody and wio will be a member of so that they can read the configuration file. Others still won’t be able to read it. > > What do you think about this solution? > > Best, > -Michael Well, it's a bit more complex. The next thing i am working on with Stephan will be the APCUPSD with a nice webinterface. To make things round we are thinking of putting the apcupd and website together in one addon. But the apcupsd has a complete different user (apcups) and maybe there will be other tools and services with own usernames that also could use the mailaddon. Therefor a general readpermission would be a good solution. In case of apcups we would otherwise be forced to put the apcups user into the mailgroup. Anyway, if this is not the solution, please delete the patch and we try to find another solution. Alex >> FIXES: #12403 >> --- >> lfs/dma | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/lfs/dma b/lfs/dma >> index aceb2704e..6b5d9bfbf 100644 >> --- a/lfs/dma >> +++ b/lfs/dma >> @@ -24,7 +24,7 @@ >> >> include Config >> >> -VER = 0.12 >> +VER = 0.13 >> >> THISAPP = dma-$(VER) >> DL_FILE = $(THISAPP).tar.gz >> @@ -80,6 +80,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >> install -v -m 755 $(DIR_SRC)/config/dma/dma-cleanup-spool /usr/sbin >> chown -R nobody.nobody /var/ipfire/dma >> chown nobody.root /var/ipfire/dma/auth.conf >> + chmod 644 /var/ipfire/dma/auth.conf >> ln -svf dma /usr/sbin/sendmail.dma >> /usr/sbin/alternatives --install /usr/sbin/sendmail sendmail /usr/sbin/sendmail.dma 20 >> @rm -rf $(DIR_APP) >> -- >> 2.17.1 >>
Hello, > On 11 May 2020, at 10:02, Alexander Marx <alexander.marx@ipfire.org> wrote: > > > > Am 11.05.20 um 10:35 schrieb Michael Tremer: >> Hello, >> >>> On 9 May 2020, at 07:06, Alexander Marx <alexander.marx@ipfire.org> wrote: >>> >>> From: Alexander Marx <amarx@ipfire.org> >> Your Git is set up with a different email address for commits than what you are using for email. Is this intentional? > There were some confusions when i set up the accounts in the beginning.... > >>> Change read permissions of dma configfile so other users are able to read it. >>> Needed for Addons like WIO to send Mails. >> I am not sure if this patch is a good idea. We will make the credentials readable for everyone. >> >> What would probably work better is a group called “mail” which nobody and wio will be a member of so that they can read the configuration file. Others still won’t be able to read it. >> >> What do you think about this solution? >> >> Best, >> -Michael > Well, it's a bit more complex. The next thing i am working on with Stephan will be the APCUPSD with a nice webinterface. To make things round we are thinking of putting the apcupd and website together in one addon. But the apcupsd has a complete different user (apcups) and maybe there will be other tools and services with own usernames that also could use the mailaddon. Yes, but that is great. We can simply add more users to the group when we need to. That will still keep the file’s contents safe. > Therefor a general readpermission would be a good solution. I get that this is the easiest one, but not a good one. > In case of apcups we would otherwise be forced to put the apcups user into the mailgroup. Yes. That is a one-liner: usermod -a -G mail apcupsd > Anyway, if this is not the solution, please delete the patch and we try to find another solution. Best, -Michael > Alex > >>> FIXES: #12403 >>> --- >>> lfs/dma | 3 ++- >>> 1 file changed, 2 insertions(+), 1 deletion(-) >>> >>> diff --git a/lfs/dma b/lfs/dma >>> index aceb2704e..6b5d9bfbf 100644 >>> --- a/lfs/dma >>> +++ b/lfs/dma >>> @@ -24,7 +24,7 @@ >>> >>> include Config >>> >>> -VER = 0.12 >>> +VER = 0.13 >>> >>> THISAPP = dma-$(VER) >>> DL_FILE = $(THISAPP).tar.gz >>> @@ -80,6 +80,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >>> install -v -m 755 $(DIR_SRC)/config/dma/dma-cleanup-spool /usr/sbin >>> chown -R nobody.nobody /var/ipfire/dma >>> chown nobody.root /var/ipfire/dma/auth.conf >>> + chmod 644 /var/ipfire/dma/auth.conf >>> ln -svf dma /usr/sbin/sendmail.dma >>> /usr/sbin/alternatives --install /usr/sbin/sendmail sendmail /usr/sbin/sendmail.dma 20 >>> @rm -rf $(DIR_APP) >>> -- >>> 2.17.1 >>> >
diff --git a/lfs/dma b/lfs/dma index aceb2704e..6b5d9bfbf 100644 --- a/lfs/dma +++ b/lfs/dma @@ -24,7 +24,7 @@ include Config -VER = 0.12 +VER = 0.13 THISAPP = dma-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -80,6 +80,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) install -v -m 755 $(DIR_SRC)/config/dma/dma-cleanup-spool /usr/sbin chown -R nobody.nobody /var/ipfire/dma chown nobody.root /var/ipfire/dma/auth.conf + chmod 644 /var/ipfire/dma/auth.conf ln -svf dma /usr/sbin/sendmail.dma /usr/sbin/alternatives --install /usr/sbin/sendmail sendmail /usr/sbin/sendmail.dma 20 @rm -rf $(DIR_APP)