[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mandrake-cooker
Subject:    Re: [Cooker] Re: [cooker-commits] [svn-commit] r120338 - in packages/cooker/fail2ban/current:
From:       Guillaume Rousse <Guillaume.Rousse () inria ! fr>
Date:       2007-02-15 9:23:52
Message-ID: 45D426A8.2020407 () inria ! fr
[Download RAW message or body]

Tomasz Paweł Gajc wrote:
> Dnia czwartek, 15 lutego 2007, Per Øyvind Karlsen napisał:
>> Tirsdag 13 februar 2007 12:32, skrev tpg:
>>> +%attr(744,root,root) %{_initrddir}/%{name}
>> Users won't actually be able to run this even if executable, now will they?
>>
>> No reason for such permissions..
> 
> I just want to make sure that non privileged users won't stop this service.
> i've noticed that others set 700 on initscripts, and no one shouts about 
> it ;-)
Setting perms in packages is usually a wrong idea. Unless very good
reasons (such as configuration files containing passwords), you should
keep standard perms, and let local admins fine-tune their setup. Anyway,
in common directories, first msec run will drop those carefully crafted
perms, and make rpm --verify output an error...

Alternatively, you may consider providing perms set corresponding to
different security level to msec package (which stall lacks a way to
have per-package setting).
[prev in list] [next in list] [prev in thread] [next in thread]