Hash: SHA1

On 04/15/2011 09:07 AM, Johannes Weberhofer wrote:
> Dear all,
> I'm currently doing some packaging work for vpopmail, and have reviewed
> the file properties. I have seen, that all files (except vusaged in 5.5)
> have the properties set to "-rwx--x--x 1 vpopmail vchkpw". Shouldn't
> that be more restrictive? E.g. set to 0750 or even owned by root? In an
> older package of mine (it was 5.4.25) I have set it to 0750 root.root,
> which did never cause any problems.

You may set the permissions how you like, but there's really nothing
secret contained within the vusaged binary in 5.5.  The permissions
you're referring to, which have been kept from 5.4 just because there's
no reason to change them, were there because the binaries statically
linked authentication mechanisms that sometimes had hard-coded
authentication values in them.

5.5 binaries do not statically link against the authentication backend.

In this case, you would be concerned about permissions on the shared
objects used for authentication.

> Regarding the FHS, I think those binaries should be moved to /usr/sbin.
> What do you think?
> Regarding the documentation I'd recommend to change the examples to
> install vpopmail into /var/lib/vpopmail, following the FHS 2.3 section 5.1.

What examples are you referring to?
- -- 
    Matt Brookings <m...@inter7.com>       GnuPG Key FAE0672C
    Software developer                     Systems technician
    Inter7 Internet Technologies, Inc.     (815)776-9465
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


Reply via email to