On Thu, Jan 13, 2011 at 02:48:04PM +0000, Stuart Henderson wrote:
> On 2011/01/13 00:13, Claudio Jeker wrote:
> > On Wed, Jan 12, 2011 at 11:57:59PM +0100, Martin Pelikan wrote:
> > > Hello,
> > > this patch makes ospfd(8) and ospf6d(8) check their config file permissions
> > > even if run with a -n to test it. bgpd already behaves this way (changed
> > > 6 years ago by henning@) and it's quite handy to fix the permissions while
> > > doing tests, rather than at the first production boot time :-)
> > > Any comments?
> > 
> > Apart from my desire to kill the permission checking?
> > I don't see why bgpd and ospfd need this non-unix like behaviour, 
> > other tools like pfctl do not care. We install the file with the correct
> > permissions so if somebody changes them it is his fault. But this is just
> > my opinion. 
> 
> I don't like this check much. I usually work on a checked-out copy
> of my config files when I'm editing them so I often have to chmod
> before I bgpd -nvf bgpd.conf to check I haven't made a stupid typo
> before I commit and copy them out.
> 
> It's inconsistent too: the control socket is group-writable for
> wheel, why should that be forbidden for the configuration file?

ospf6d.conf doesn't even contain secrets. I don't think it needs
to be protected by file permissions.
(ospfd.conf does contain secrets)
