On Mon, 22 Aug 2022 20:08:00 +0000, Peter Müller wrote:

> Hello list,
> 
> today, Stefan reached out to me via phone and explained that
> /var/ipfire/ipblocklist/ should not be chown'ed to "nobody", since this
> would mean write access to the "sources"
> file, a thing neither needed nor desirable.
> 
> Instead, he recommended touching a "modified" file in the same folder
> and granting "nobody" write access to it. While testing, I noticed the
> same thing is necessary for a "settings" file.
> 
> I will submit a second version of the patch in due course.
> 
> Best,
> Peter Müller
> 
> 
If it helps I think Tim's original Ipblacklist had these permissions:

drwxr-xr-x 2 nobody nobody  4096 Feb  6  2022 ipblacklist

ls -l /var/ipfire/ipblacklist/

-rw-r--r-- 1 root   root     441 Aug 22 21:24 checked
-rw-r--r-- 1 root   root     190 Aug 22 21:24 modified
-rw-r--r-- 1 nobody nobody   305 Aug  3 10:29 settings
-rw-r--r-- 1 root   root   11443 Aug  3 09:28 sources
-rw-r--r-- 1 root   root       0 Feb  2  2022 status

So nobody.nobody would seem to be correct for the directory and is working 
OK here.


Rob