-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/15/2011 09:07 AM, Johannes Weberhofer wrote: > Dear all, > > I'm currently doing some packaging work for vpopmail, and have reviewed > the file properties. I have seen, that all files (except vusaged in 5.5) > have the properties set to "-rwx--x--x 1 vpopmail vchkpw". Shouldn't > that be more restrictive? E.g. set to 0750 or even owned by root? In an > older package of mine (it was 5.4.25) I have set it to 0750 root.root, > which did never cause any problems.
You may set the permissions how you like, but there's really nothing secret contained within the vusaged binary in 5.5. The permissions you're referring to, which have been kept from 5.4 just because there's no reason to change them, were there because the binaries statically linked authentication mechanisms that sometimes had hard-coded authentication values in them. 5.5 binaries do not statically link against the authentication backend. In this case, you would be concerned about permissions on the shared objects used for authentication. > Regarding the FHS, I think those binaries should be moved to /usr/sbin. > What do you think? > > Regarding the documentation I'd recommend to change the examples to > install vpopmail into /var/lib/vpopmail, following the FHS 2.3 section 5.1. What examples are you referring to? - -- /* Matt Brookings <m...@inter7.com> GnuPG Key FAE0672C Software developer Systems technician Inter7 Internet Technologies, Inc. (815)776-9465 */ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2oUscACgkQIwet2/rgZyyVeQCcCyKX+Tw4921dzod5E7vYk3Y7 p8oAnAgxKHWK0z/VeihdSU6e3v+5UarO =DeIG -----END PGP SIGNATURE-----