[pkg-horde] Bug#432814: Maybe we should change the default group for files in /etc/horde

Ola Lundqvist ola at opalsys.net
Thu Jul 12 07:34:29 UTC 2007


Package: horde3
Severity: wishlist
Tags: patch

Hi

On Wed, Jul 11, 2007 at 07:29:04PM +0200, Gregory Colpart wrote:
> Hi,
> 
> On Wed, Jul 11, 2007 at 10:21:10AM +0200, Ola Lundqvist wrote:
> > 
> > I think they are really good. Just one thing that I do not understand
> > and that is the following part:
> > 
> > Secure /etc permissions:
> > 
> > # chgrp www-data /etc/horde
> > # chmod 750 /etc/horde
> > 
> > Why should the files there be group-owned by www-data? Do you just want
> > www-data to be able to read it? If this is the case, should this
> > be the default behaviour?
> 
> I want www-data to be able to read/enter the /etc/horde/ directory
> *but* no read/enter rights for all users. In
> /usr/share/doc/horde3/README.Debian, there is:

Ok. :)

> 8<----------------------------------------------------------------------------
>       An additional approach is to make Horde's configuration files owned by
>       the user ``root`` and by a group which only the webserver user belongs
>       to, and then making them readable only to owner and group.  For example,
>       if your webserver runs as ``www-data.www-data``, do as follows::
> 
>          chown root.www-data config/*
>          chmod 0440 config/*
> 8<----------------------------------------------------------------------------
> 
> The command "chgrp www-data /etc/horde && chmod 750 /etc/horde" applies the
> same idea and I think it's easier for securing the Horde config (backend
> passwords, secret parameters...). You change the owner group and permissions
> once and it's OK forever, even when you install new Horde modules.
> It should probably be the default behaviour.

Ok. I'll file a wishlist bug for this so we remember it. :)
Clone to appropriate packages...

It should be something like this:

	chown -Rf root:www-data debian/horde3/etc/horde
	chmod -Rf 750 debian/horde3/etc/horde

And then change the dh_fixperms line to:
	dh_fixperms -Xdebian/horde3/var/log/horde -Xdebian/horde3/etc/horde


Regards,

// Ola

> Regards,
> -- 
> Gregory Colpart <reg at evolix.fr>  GnuPG:1024D/C1027A0E
> Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
> 

-- 
 --- Ola Lundqvist systemkonsult --- M Sc in IT Engineering ----
/  ola at opalsys.net                   Annebergsslingan 37        \
|  opal at debian.org                   654 65 KARLSTAD            |
|  http://opalsys.net/               Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------
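
Added example, not part of the original message: a shell check for the layout discussed in this thread (configuration directory group-owned by the web server group, mode 750, no access for other users). The function names are hypothetical, and it assumes a `stat` that supports `-c` (GNU coreutils or busybox, as on Debian).

```shell
#!/bin/sh
# Added example (not from the thread). Assumes stat supports -c.

# audit_conf_dir DIR GROUP
# Succeeds only if DIR is group-owned by GROUP, "other" has no access and
# the group cannot write (for example root:www-data with mode 750).
audit_conf_dir() {
    dir=$1; want=$2; rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    group=$(stat -c '%G' "$dir")
    mode=$(stat -c '%a' "$dir")          # e.g. 750 or 2750
    other=${mode#"${mode%?}"}            # last octal digit
    rest=${mode%?}
    grp=${rest#"${rest%?}"}              # second-to-last octal digit
    grp=${grp:-0}
    if [ "$group" != "$want" ]; then
        echo "FAIL: $dir group is $group, expected $want"; rc=1
    fi
    if [ "$other" != 0 ]; then
        echo "FAIL: $dir mode $mode gives access to other users"; rc=1
    fi
    case $grp in
        2|3|6|7) echo "FAIL: $dir mode $mode is group-writable"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $dir is group $group, mode $mode"
    return "$rc"
}

# exposed_if_loosened DIR
# Prints how many files below DIR carry any "other" permission bit. Such
# files (for instance ones installed later by a new module) are protected
# only by the mode of DIR itself.
exposed_if_loosened() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) \
        | wc -l | tr -d ' '
}

# Usage: sh audit.sh /etc/horde www-data
if [ "$#" -eq 2 ]; then
    audit_conf_dir "$1" "$2"
    echo "files relying on the directory mode: $(exposed_if_loosened "$1")"
fi
```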
