etc/mtree/special: remove nsd.conf

Björn Ketelaars
/etc/nsd.conf has been moved to /var/nsd/etc/nsd.conf. /etc/changelist has been
changed accordingly, /etc/mtree/special has not. NSD's configuration file
resides in a root:_nsd owned directory with permission set at 0750. As such
there should be no need for inclusion of nsd.conf in the mtree specification for
dangerous files.

Included a small diff file.


--
Björn Ketelaars
GPG key: 0x4F0E5F21

Re: etc/mtree/special: remove nsd.conf

Ian McWilliam-2
On 3/12/2013 7:12 PM, Björn Ketelaars wrote:
> /etc/nsd.conf has been moved to /var/nsd/etc/nsd.conf. /etc/changelist has been
> changed accordingly, /etc/mtree/special has not. NSD's configuration file
> resides in a root:_nsd owned directory with permission set at 0750. As such
> there should be no need for inclusion of nsd.conf in the mtree specification for
> dangerous files.
>
> Included a small diff file.
>
>

Does a conf file really need to be executable?

Ian McWilliam

Re: etc/mtree/special: remove nsd.conf

Björn Ketelaars
On 03/12/2013, Ian McWilliam wrote:

> On 3/12/2013 7:12 PM, Björn Ketelaars wrote:
> >/etc/nsd.conf has been moved to /var/nsd/etc/nsd.conf. /etc/changelist has been
> >changed accordingly, /etc/mtree/special has not. NSD's configuration file
> >resides in a root:_nsd owned directory with permission set at 0750. As such
> >there should be no need for inclusion of nsd.conf in the mtree specification for
> >dangerous files.
> >
> >Included a small diff file.
> >
> >
>
> Does a conf file really need to be executable?
>
> Ian McWilliam

The directory has permission 0750, not the configuration file (which is 0640).
So, no executable config file.

Guess that my crappy English is to blame...

--
Björn Ketelaars
GPG key: 0x4F0E5F21

Re: etc/mtree/special: remove nsd.conf

Stuart Henderson-6
On 2013/12/03 09:12, Björn Ketelaars wrote:
> /etc/nsd.conf has been moved to /var/nsd/etc/nsd.conf. /etc/changelist has been
> changed accordingly, /etc/mtree/special has not. NSD's configuration file
> resides in a root:_nsd owned directory with permission set at 0750. As such
> there should be no need for inclusion of nsd.conf in the mtree specification for
> dangerous files.
>
> Included a small diff file.

Actually /var/nsd/ should be added here as the config may contain keys.
Protecting the directory is safer than just nsd.conf as other config files
may be included.

OK?


Index: special
===================================================================
RCS file: /cvs/src/etc/mtree/special,v
retrieving revision 1.99
diff -u -p -r1.99 special
--- special 10 Jul 2013 05:23:18 -0000 1.99
+++ special 3 Dec 2013 09:06:48 -0000
@@ -72,7 +72,6 @@ npppd type=dir mode=0755 uname=root gna
 npppd.conf type=file mode=0640 uname=root gname=wheel
 npppd-users type=file mode=0600 uname=root gname=wheel
 .. #npppd
-nsd.conf type=file mode=0640 uname=root gname=_nsd
 ntpd.conf type=file mode=0644 uname=root gname=wheel
 ospfd.conf type=file mode=0600 uname=root gname=wheel
 ospf6d.conf type=file mode=0600 uname=root gname=wheel
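
Review bot: With the nsd.conf line dropped from the /etc block, a stale /etc/nsd.conf left behind on an upgraded system is no longer checked at all, and per the thread that file may contain keys. Worth stating in the commit message or upgrade notes that the old file should be removed once the configuration lives in /var/nsd/etc.
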
@@ -191,6 +190,10 @@ lastlog type=file mode=0644 uname=root
 .. #var/log
 mail type=dir mode=0755 uname=root gname=wheel ignore
 .. #var/mail
+nsd type=dir mode=0755 uname=root gname=wheel
+etc type=dir mode=0750 uname=root gname=_nsd
+.. #var/nsd/etc
+.. #var/nsd
 run type=dir mode=0755 uname=root gname=wheel
 utmp type=file mode=0664 uname=root gname=utmp
 .. #var/run
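
Review bot: The added nsd and etc entries check only the owner and mode of the two directories, so the file-level check that the removed `nsd.conf type=file mode=0640 uname=root gname=_nsd` line provided has no counterpart under var/nsd/etc. If the intent is to rely on the 0750 root:_nsd directory alone, say so in the commit message; otherwise add that file line between the etc entry and `.. #var/nsd/etc`.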