From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] BUG12403: Fix permissions of DMA configfile Date: Mon, 11 May 2020 10:04:29 +0100 Message-ID: <375E1E5E-BE76-4B06-B0F7-BF8AA1FF39D6@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4069586795392504032==" List-Id: --===============4069586795392504032== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, > On 11 May 2020, at 10:02, Alexander Marx wrot= e: >=20 >=20 >=20 > Am 11.05.20 um 10:35 schrieb Michael Tremer: >> Hello, >>=20 >>> On 9 May 2020, at 07:06, Alexander Marx wro= te: >>>=20 >>> From: Alexander Marx >> Your Git is set up with a different email address for commits than what yo= u are using for email. Is this intentional? > There were some confusions when i set up the accounts in the beginning.... >=20 >>> Change read permissions of dma configfile so other users are able to read= it. >>> Needed for Addons like WIO to send Mails. >> I am not sure if this patch is a good idea. We will make the credentials r= eadable for everyone. >>=20 >> What would probably work better is a group called =E2=80=9Cmail=E2=80=9D w= hich nobody and wio will be a member of so that they can read the configurati= on file. Others still won=E2=80=99t be able to read it. >>=20 >> What do you think about this solution? >>=20 >> Best, >> -Michael > Well, it's a bit more complex. The next thing i am working on with Stephan = will be the APCUPSD with a nice webinterface. To make things round we are thi= nking of putting the apcupd and website together in one addon. But the apcups= d has a complete different user (apcups) and maybe there will be other tools = and services with own usernames that also could use the mailaddon. Yes, but that is great. We can simply add more users to the group when we nee= d to. That will still keep the file=E2=80=99s contents safe. > Therefor a general readpermission would be a good solution. I get that this is the easiest one, but not a good one. > In case of apcups we would otherwise be forced to put the apcups user into = the mailgroup. Yes. That is a one-liner: usermod -a -G mail apcupsd > Anyway, if this is not the solution, please delete the patch and we try to = find another solution. Best, -Michael > Alex >=20 >>> FIXES: #12403 >>> --- >>> lfs/dma | 3 ++- >>> 1 file changed, 2 insertions(+), 1 deletion(-) >>>=20 >>> diff --git a/lfs/dma b/lfs/dma >>> index aceb2704e..6b5d9bfbf 100644 >>> --- a/lfs/dma >>> +++ b/lfs/dma >>> @@ -24,7 +24,7 @@ >>>=20 >>> include Config >>>=20 >>> -VER =3D 0.12 >>> +VER =3D 0.13 >>>=20 >>> THISAPP =3D dma-$(VER) >>> DL_FILE =3D $(THISAPP).tar.gz >>> @@ -80,6 +80,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) >>> install -v -m 755 $(DIR_SRC)/config/dma/dma-cleanup-spool /usr/sbin >>> chown -R nobody.nobody /var/ipfire/dma >>> chown nobody.root /var/ipfire/dma/auth.conf >>> + chmod 644 /var/ipfire/dma/auth.conf >>> ln -svf dma /usr/sbin/sendmail.dma >>> /usr/sbin/alternatives --install /usr/sbin/sendmail sendmail /usr/sbin/s= endmail.dma 20 >>> @rm -rf $(DIR_APP) >>> --=20 >>> 2.17.1 >>>=20 >=20 --===============4069586795392504032==--