Add an option to allow {world,group}-readable configuration files

[matthijs]

Currently, vuurmuur insists on its config files not having the group-read and other-read permission bits set (among a few other checks, such as not being writable by others and being owned by root). These checks make sense in general, but for my particular installation I need the files to be readable by world. Currently, vuurmuur resets the permissions of the files when it finds anything out of order.

After a small discussion on IRC it seems feasible to implement an option to prevent the permission changes for files that are readable for group or other. I would propose adding an option "ALLOW_READABLE_CONFIG" to config.conf, which would default to "No".

I'm currently looking at the code and plan to submit a patch, probably preceded by some cleanup work in separate patches.

[victor]

My policy wrt options in Vuurmuur is that all options need to be able to be manipulated from vuurmuur_conf. So we'll need a vuurmuur_conf patch too :) I'll help with that if you want.

[matthijs]

A patch adding a MAX_PERMISSIONS configuration value

[matthijs]

I added two patches. The first, max-perm (which I accidentally added twice), adds a new configuration variable, MAX_PERMISSIONS, setting the maximum allowable permissions. This is 700 by default.

The second patch adds a const struct vuumuur_config *cnf parameter to a bunch of functions (and also to the backend struct of textdir), so stat_ok can use that instead of using the global conf variable.

I haven't looked at adding support to vuurmuur_conf yet, but expect a third and final patch for that soon.

[matthijs]

A patch adding a MAX_PERMISSIONS configuration value

[matthijs]

A patch that gives stat_ok a cnf argument, instead of using the global conf variable

[matthijs]

A patch adding support for changing MAX_PERMISSION in vuurmuur_conf

[matthijs]

I've added a third patch, which adds support for changing the MAX_PERMISSION setting from vuurmuur_conf. I've also updated the previous two patches, with some minor fixes and the ability to actually save the MAX_PERMISSION setting when writing the config file.

AFAICS, this set of patches is now complete for review and inclusion.

[matthijs]

Add a notice to the help file

[matthijs]

I just realized I forgot to write something in vuurmuur_conf's help file, so I added a fourth patch to do just that.

[matthijs]

Addition to the statok-cnf patch

[matthijs]

w00ps, turns out I forgot to tell quilt about some file, which made the statok-cnf patch break. I've just added compile-fix, which should make it work again.

[victor]

Closed by changeset:253. Thanks Matthijs!