On Mon, 22 Aug 2022 20:08:00 +0000, Peter Müller wrote:
Hello list,
today, Stefan reached out to me via phone and explained that /var/ipfire/ipblocklist/ should not be chown'ed to "nobody", since this would mean write access to the "sources" file, a thing neither needed nor desirable.
Instead, he recommended touching a "modified" file in the same folder and granting "nobody" write access to it. While testing, I noticed the same thing is necessary for a "settings" file.
I will submit a second version of the patch in due course.
Best, Peter Müller
If it helps I think Tim's original Ipblacklist had these permissions:
drwxr-xr-x 2 nobody nobody 4096 Feb 6 2022 ipblacklist
ls -l /var/ipfire/ipblacklist/
-rw-r--r-- 1 root root 441 Aug 22 21:24 checked
-rw-r--r-- 1 root root 190 Aug 22 21:24 modified
-rw-r--r-- 1 nobody nobody 305 Aug 3 10:29 settings
-rw-r--r-- 1 root root 11443 Aug 3 09:28 sources
-rw-r--r-- 1 root root 0 Feb 2 2022 status
So nobody.nobody would seem to be correct for the directory and is working OK here.
Rob
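
Added example, not part of the thread or of IPFire's code: a small shell audit that reports which files in a directory a given account could alter, and through which route (file ownership, world-writable mode, or ownership of the containing directory, which permits unlinking and recreating entries). The function names `verdict` and `audit_dir` are hypothetical; GNU `stat` is assumed, and group permissions and ACLs are not evaluated.

```shell
#!/bin/sh
# Added example. Decide whether USER can alter a file, given who owns the
# directory, who owns the file, and the file's octal mode (as from stat %a).
# Assumption: only owner and "other" bits are considered, no groups or ACLs.
verdict() {   # verdict USER DIR_OWNER FILE_OWNER MODE
    other=${4#"${4%?}"}            # last octal digit = permissions for "other"
    if [ "$3" = "$1" ]; then
        echo owns-file             # owner can write, or chmod and then write
    elif [ $(( other & 2 )) -ne 0 ]; then
        echo world-writable
    elif [ "$2" = "$1" ]; then
        echo owns-directory        # can unlink/rename the entry and recreate it
    else
        echo none
    fi
}

# Print "<file> <route>" for every regular file in DIR that USER could alter.
audit_dir() {  # audit_dir USER DIR
    dir_owner=$(stat -c %U "$2")
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        v=$(verdict "$1" "$dir_owner" "$(stat -c %U "$f")" "$(stat -c %a "$f")")
        [ "$v" = none ] || printf '%s %s\n' "${f##*/}" "$v"
    done
}

# Stand-alone use: sh audit.sh nobody /var/ipfire/ipblocklist
if [ $# -eq 2 ]; then
    audit_dir "$1" "$2"
fi
```

With the listing above (directory owned by nobody, "sources" owned by root with mode 644), `verdict nobody nobody root 644` reports `owns-directory`; with a root-owned directory it reports `none`.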