Ticket #88 (closed enhancement: fixed)
Add an option to allow {world,group}-readable configuration files
| Reported by: | matthijs | Owned by: | victor |
|---|---|---|---|
| Priority: | minor | Milestone: | undecided |
| Component: | libvuurmuur | Version: | |
| Keywords: | | Cc: | |
Description
Currently, vuurmuur insists on its config files not having the group-read and other-read permission bits set (among a few other checks, such as not being writable by others and being owned by root). These checks make sense in general, but for my particular installation I need the files to be readable by world. Currently, vuurmuur resets the permissions of the files when it finds anything out of order.
After a small discussion on IRC it seems feasible to implement an option to prevent the permission changes for files that are readable for group or other. I would propose adding an option "ALLOW_READABLE_CONFIG" to config.conf, which would default to "No".
I'm currently looking at the code and plan to submit a patch, probably preceded by some cleanup work in separate patches.
Attachments
Change History
Changed 17 months ago by victor
Changed 17 months ago by matthijs
- attachment max-perm.2 added
A patch adding a MAX_PERMISSIONS configuration value
Changed 17 months ago by matthijs
I added two patches. The first, max-perm (which I accidentally added twice), adds a new configuration variable, MAX_PERMISSIONS, setting the maximum allowable permissions. This is 700 by default.
The second patch adds a const struct vuurmuur_config *cnf parameter to a bunch of functions (and also to the backend struct of textdir), so stat_ok can use that instead of using the global conf variable.
I haven't looked at adding support to vuurmuur_conf yet, but expect a third and final patch for that soon.
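As an added illustration (not part of the ticket, the attached patches, or vuurmuur's own stat_ok), here is one way a maximum-permissions check like the one described above can work: parse the octal setting, find mode bits that exceed it, and tighten the file without ever granting new bits. All function names are hypothetical, and the owner check assumes the root ownership mentioned in the description.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>

/* Parse an octal MAX_PERMISSIONS value ("700", "0644"). 0 on success, -1 if malformed. */
int parse_max_perms(const char *s, mode_t *out)
{
    char *end;
    unsigned long v;
    if (s == NULL || *s == '\0') return -1;
    v = strtoul(s, &end, 8);
    if (*end != '\0' || v > 0777) return -1;  /* rejects "788" and setuid/sticky bits */
    *out = (mode_t)v;
    return 0;
}

/* Permission bits present on the file that the maximum does not allow. */
mode_t excess_bits(mode_t mode, mode_t max) { return (mode & 07777) & ~max; }

/* Mode to reset to: strips excess bits and never grants new ones. */
mode_t clamp_mode(mode_t mode, mode_t max) { return (mode & 07777) & max; }

/* Returns 0 if the file passes, 1 if its mode was tightened, -1 on error, non-regular
 * file or unexpected owner. Uses the open fd so stat and chmod see the same file. */
int enforce_max_perms(int fd, uid_t owner, mode_t max)
{
    struct stat st;
    if (fstat(fd, &st) != 0) return -1;
    if (!S_ISREG(st.st_mode) || st.st_uid != owner) return -1;
    if (excess_bits(st.st_mode, max) == 0) return 0;
    return fchmod(fd, clamp_mode(st.st_mode, max)) == 0 ? 1 : -1;
}

/* Usage: ./check <file> <octal max>, e.g. ./check config.conf 644 */
int main(int argc, char **argv)
{
    mode_t max;
    int fd, rc;
    if (argc != 3 || parse_max_perms(argv[2], &max) != 0) return 2;
    if ((fd = open(argv[1], O_RDONLY | O_NOFOLLOW)) < 0) return 2;
    rc = enforce_max_perms(fd, 0, max);   /* uid 0: root-owned, per the ticket */
    close(fd);
    return rc < 0 ? 2 : rc;
}
```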
Changed 15 months ago by matthijs
- attachment max-perm added
A patch adding a MAX_PERMISSIONS configuration value
Changed 15 months ago by matthijs
- attachment statok-cnf added
A patch that gives stat_ok a cnf argument, instead of using the global conf variable
Changed 15 months ago by matthijs
- attachment max-perm-conf added
A patch adding support for changing MAX_PERMISSION in vuurmuur_conf
Changed 15 months ago by matthijs
I've added a third patch, which adds support for changing the MAX_PERMISSION setting from vuurmuur_conf. I've also updated the previous two patches, with some minor fixes and the ability to actually save the MAX_PERMISSION setting when writing the config file.
AFAICS, this set of patches is now complete for review and inclusion.
Changed 15 months ago by matthijs
I just realized I forgot to write something in vuurmuur_conf's help file, so I added a fourth patch to do just that.
Changed 15 months ago by matthijs
w00ps, turns out I forgot to tell quilt about some file, which made the statok-cnf patch break. I've just added compile-fix, which should make it work again.
Changed 15 months ago by victor
- status changed from new to closed
- resolution set to fixed
Closed by changeset:253. Thanks Matthijs!

My policy wrt options in Vuurmuur is that all options need to be able to be manipulated from vuurmuur_conf. So we'll need a vuurmuur_conf patch too :) I'll help with that if you want.