Package: horde3
Severity: wishlist
Tags: patch

Hi

On Wed, Jul 11, 2007 at 07:29:04PM +0200, Gregory Colpart wrote:
> Hi,
>
> On Wed, Jul 11, 2007 at 10:21:10AM +0200, Ola Lundqvist wrote:
> >
> > I think they are really good. Just one thing that I do not understand
> > and that is the following part:
> >
> > Secure /etc permissions:
> >
> > # chgrp www-data /etc/horde
> > # chmod 750 /etc/horde
> >
> > Why should the files there be group-owned by www-data? Do you just want
> > www-data to be able to read it? If this is the case, should this
> > be the default behaviour?
>
> I want www-data to be able to read/enter in /etc/horde/ directory
> *but* no read/enter right for all users. In
> /usr/share/doc/horde3/README.Debian, there is:

Ok. :)

> 8<----------------------------------------------------------------------------
> An additional approach is to make Horde's configuration files owned by
> the user ``root`` and by a group which only the webserver user belongs
> to, and then making them readable only to owner and group. For example,
> if your webserver runs as ``www-data.www-data``, do as follows::
>
>    chown root.www-data config/*
>    chmod 0440 config/*
> 8<----------------------------------------------------------------------------
>
> The command "chgrp www-data /etc/horde && chmod 750 /etc/horde" applies the
> same idea and I think it's easier for securing the horde config (backend
> passwords, secret parameters...). You change one time owner group & right
> and it's OK for ever, even when you install new Horde modules.
> It should probably be the default behaviour.

Ok. I'll file a wishlist bug for this so we remember it. :)
Clone to appropriate packages...

It should be something like this:

  chown -Rf root.www-data debian/horde3/etc/horde
  chmod -Rf 750 debian/horde3/etc/horde

And then change the dh_fixperms line to:

  dh_fixperms -Xdebian/horde3/var/log/horde -Xdebian/horde3/etc/horde

Regards,

// Ola

> Regards,
> --
> Gregory Colpart <[EMAIL PROTECTED]>  GnuPG:1024D/C1027A0E
> Evolix - Informatique et Logiciels Libres   http://www.evolix.fr/
>

-- 
 --- Ola Lundqvist systemkonsult --- M Sc in IT Engineering ----
/  [EMAIL PROTECTED]                   Annebergsslingan 37        \
|  [EMAIL PROTECTED]                   654 65 KARLSTAD            |
|  http://opalsys.net/               Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994  0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------
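
Added example, not part of the original thread or of the horde3 package: a small audit for the directory-level approach discussed above. It checks that the config directory belongs to the web server group and grants nothing to "other", and lists the files inside that would become world-readable if the directory mode were reset (the reason for the dh_fixperms -X exclusion). The function names are hypothetical, and GNU stat (-c), as shipped on Debian, is assumed.

```shell
#!/bin/sh
# Added example: audit a config directory such as /etc/horde.
# Assumption: GNU coreutils stat (-c) is available, as on Debian.

# check_confdir DIR GROUP
#   0  DIR is group-owned by GROUP and "other" has no access
#   1  DIR has a different group
#   2  "other" has some access to DIR (for example mode 755)
#   3  DIR is not a directory
check_confdir() {
    dir=$1
    want_group=$2
    [ -d "$dir" ] || return 3
    group=$(stat -c %G "$dir")
    mode=$(stat -c %a "$dir")
    [ "$group" = "$want_group" ] || return 1
    # The last octal digit holds the "other" bits; it also works for
    # four-digit modes such as 2750 (setgid directory).
    other=${mode#"${mode%?}"}
    [ "$other" = "0" ] || return 2
    return 0
}

# exposed_if_reset DIR
#   Print the files under DIR that carry the "other" read bit. With DIR at
#   750 they are still unreachable for ordinary users; they become readable
#   as soon as the directory itself is opened up again.
exposed_if_reset() {
    find "$1" -type f -perm -004 -print
}

# Stand-alone use: sh script.sh /etc/horde www-data
if [ "$#" -eq 2 ]; then
    check_confdir "$1" "$2"
    rc=$?
    echo "check_confdir $1 $2: $rc"
    exposed_if_reset "$1"
    exit "$rc"
fi
```

A non-empty list from exposed_if_reset is not a failure while the directory stays at 750, but it shows which files rely on the directory mode alone rather than on per-file modes such as the 0440 from README.Debian.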