On Sun, 2021-02-07 at 19:34 +0100, Fabio Fantoni wrote: > Il 07/02/2021 19:10, Al Chu ha scritto: > > Hi Fabio, > > > > Thanks, I've decreased it and other conf files to 640. I never > > caught > > this b/c the permissions were overwritten to 0600 in the RPM spec > > files. > > thanks, decrease all conf files is not needed if not all them can > contain sensitive informations (like username/password) FWIK, I did a > fast look and seems: > > - freeipmi.conf ipmiseld.conf libipmiconsole.conf can contain > sensitive > informations > > - freeipmi_interpret_sel.conf freeipmi_interpret_sensor.conf > ipmidetect.conf ipmidetectd.conf don't can contain sensitive > informations > > is it correct?
I decided to decrease all the conf files to 0640 except for the "freeipmi_interpret_*.conf" files. Al > > > > > Al > > > > On Sun, 2021-02-07 at 13:17 +0100, Fabio Fantoni wrote: > > > Hi, freeipmi.conf could contain sensitive informations, default > > > permission setted to it by build (in etc/Makefile.am) is 644, > > > debian > > > decreased it in packaging after build very long time ago > > > ( > > > https://salsa.debian.org/debian/freeipmi/-/blob/master/debian/rules > > > ) > > > . > > > > > > I think is good decrease it also upstream from 644 to 640 > > > (removing > > > read > > > permission to others). > > > > > > Thanks for any reply and sorry for my bad english. > > > > > > > >
