etc/mtree/special: remove nsd.conf

2013-12-03 Thread Björn Ketelaars
/etc/nsd.conf has been moved to /var/nsd/etc/nsd.conf. /etc/changelist has been
changed accordingly, /etc/mtree/special has not. NSD's configuration file
resides in a root:_nsd owned directory with permission set at 0750. As such
there should be no need for inclusion of nsd.conf in the mtree specification for
dangerous files.

Included a small diff file.


-- 
Björn Ketelaars
GPG key: 0x4F0E5F21
Index: mtree/special
===
RCS file: /cvs/src/etc/mtree/special,v
retrieving revision 1.99
diff -u -p -r1.99 special
--- mtree/special   10 Jul 2013 05:23:18 -  1.99
+++ mtree/special   3 Dec 2013 07:53:51 -
@@ -72,7 +72,6 @@ npppd type=dir mode=0755 uname=root gna
 npppd.conf type=file mode=0640 uname=root gname=wheel
 npppd-userstype=file mode=0600 uname=root gname=wheel
 .. #npppd
-nsd.conf   type=file mode=0640 uname=root gname=_nsd
 ntpd.conf  type=file mode=0644 uname=root gname=wheel
 ospfd.conf type=file mode=0600 uname=root gname=wheel
 ospf6d.conftype=file mode=0600 uname=root gname=wheel
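Review bot: the removed nsd.conf line is not replaced by any entry for the file's new location, so the root:_nsd 0750 directory that the message relies on is asserted but never checked by the spec. Consider adding a type=dir entry for var/nsd/etc with mode=0750 uname=root gname=_nsd to the var section in the same change, so that a loosened directory mode gets reported.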


Re: etc/mtree/special: remove nsd.conf

2013-12-03 Thread Björn Ketelaars
On 03/12/2013, Ian McWilliam wrote:
> On 3/12/2013 7:12 PM, Björn Ketelaars wrote:
>> /etc/nsd.conf has been moved to /var/nsd/etc/nsd.conf. /etc/changelist has been
>> changed accordingly, /etc/mtree/special has not. NSD's configuration file
>> resides in a root:_nsd owned directory with permission set at 0750. As such
>> there should be no need for inclusion of nsd.conf in the mtree specification for
>> dangerous files.
>>
>> Included a small diff file.
>
> Does a conf file really need to be executable?
>
> Ian McWilliam

The directory has permission 0750, not the configuration file (which is 0640).
So, no executable config file.

Guess that my crappy English is to blame...

-- 
Björn Ketelaars
GPG key: 0x4F0E5F21



Re: etc/mtree/special: remove nsd.conf

2013-12-03 Thread Stuart Henderson
On 2013/12/03 09:12, Björn Ketelaars wrote:
> /etc/nsd.conf has been moved to /var/nsd/etc/nsd.conf. /etc/changelist has been
> changed accordingly, /etc/mtree/special has not. NSD's configuration file
> resides in a root:_nsd owned directory with permission set at 0750. As such
> there should be no need for inclusion of nsd.conf in the mtree specification for
> dangerous files.
>
> Included a small diff file.

Actually /var/nsd/ should be added here as the config may contain keys.
Protecting the directory is safer than just nsd.conf as other config files
may be included.

OK?


Index: special
===
RCS file: /cvs/src/etc/mtree/special,v
retrieving revision 1.99
diff -u -p -r1.99 special
--- special 10 Jul 2013 05:23:18 -  1.99
+++ special 3 Dec 2013 09:06:48 -
@@ -72,7 +72,6 @@ npppd type=dir mode=0755 uname=root gna
 npppd.conf type=file mode=0640 uname=root gname=wheel
 npppd-userstype=file mode=0600 uname=root gname=wheel
 .. #npppd
-nsd.conf   type=file mode=0640 uname=root gname=_nsd
 ntpd.conf  type=file mode=0644 uname=root gname=wheel
 ospfd.conf type=file mode=0600 uname=root gname=wheel
 ospf6d.conftype=file mode=0600 uname=root gname=wheel
@@ -191,6 +190,10 @@ lastlogtype=file mode=0644 uname=root 
 .. #var/log
 mail   type=dir mode=0755 uname=root gname=wheel ignore
 .. #var/mail
+nsdtype=dir mode=0755 uname=root gname=wheel
+etctype=dir mode=0750 uname=root gname=_nsd
+.. #var/nsd/etc
+.. #var/nsd
 runtype=dir mode=0755 uname=root gname=wheel
 utmp   type=file mode=0664 uname=root gname=utmp
 .. #var/run
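Review bot: the added var/nsd block lists only the two directories, so the mode and ownership of nsd.conf itself (checked before as mode=0640 uname=root gname=_nsd) are no longer verified. The 0750 parent still keeps other users out, but a file that became writable by group _nsd would go unreported. If directory-level coverage is intended because included config files vary, say so in the commit message; otherwise keep a "nsd.conf type=file mode=0640 uname=root gname=_nsd" line under the etc entry.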




Re: etc/mtree/special: remove nsd.conf

2013-12-03 Thread Ian McWilliam

On 3/12/2013 7:12 PM, Björn Ketelaars wrote:

> /etc/nsd.conf has been moved to /var/nsd/etc/nsd.conf. /etc/changelist has been
> changed accordingly, /etc/mtree/special has not. NSD's configuration file
> resides in a root:_nsd owned directory with permission set at 0750. As such
> there should be no need for inclusion of nsd.conf in the mtree specification for
> dangerous files.
>
> Included a small diff file.

Does a conf file really need to be executable?

Ian McWilliam
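
Added example, not part of the thread or of OpenBSD's own tools: a small Python sketch of how the nested entries in an mtree(8) specification resolve to full paths, and how the 0750 mode belongs to the var/nsd/etc directory rather than to a file. The function names `parse_spec` and `check` are hypothetical, the spec fragment is constructed from the entries in the revised diff, and only type and mode are compared (uname and gname are parsed but not checked).

```python
import os
import stat

# Constructed fragment in mtree(8) specification syntax, built from the
# entries in the revised diff (whitespace normalised, parent "var" added).
SPEC = """\
var     type=dir mode=0755 uname=root gname=wheel
nsd     type=dir mode=0755 uname=root gname=wheel
etc     type=dir mode=0750 uname=root gname=_nsd
..      #var/nsd/etc
..      #var/nsd
..      #var
"""

def parse_spec(text):
    """Map each entry's full relative path to its keyword dictionary."""
    entries, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("/"):  # blank, comment, /set, /unset
            continue
        name, *words = line.split()
        if name == "..":                      # leave the current directory
            stack.pop()
            continue
        kw = dict(w.split("=", 1) if "=" in w else (w, "") for w in words)
        entries["/".join(stack + [name])] = kw
        if kw.get("type") == "dir":           # later entries live inside it
            stack.append(name)
    return entries

def check(root, entries):
    """Return (path, problem) pairs where the tree under root deviates."""
    problems = []
    for path, kw in entries.items():
        try:
            st = os.lstat(os.path.join(root, path))
        except FileNotFoundError:
            problems.append((path, "missing"))
            continue
        if kw.get("type") == "dir" and not stat.S_ISDIR(st.st_mode):
            problems.append((path, "not a directory"))
        if "mode" in kw:
            want, have = int(kw["mode"], 8), stat.S_IMODE(st.st_mode)
            if have != want:
                problems.append((path, f"mode {have:04o}, expected {want:04o}"))
    return problems
```

Calling `check("/", parse_spec(SPEC))` on a live system reports a var/nsd/etc directory whose mode has drifted from 0750.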