Opened 11 years ago
Closed 11 years ago
#88 closed enhancement (fixed)
Add an option to allow {world,group}-readable configuration files
| Reported by: | Matthijs Kooijman | Owned by: | Victor Julien |
|---|---|---|---|
| Priority: | minor | Milestone: | undecided |
| Component: | libvuurmuur | Version: | |
| Keywords: | Cc: |
Description
Currently, vuurmuur insists on its config files not having the group-read and other-read permission bits set (among a few other checks, such as not being writable by others and being owned by root). These checks make sense in general, but for my particular installation I need the files to be readable by world. Currently, vuurmuur resets the permissions of the files when it finds anything out of order.
After a small discussion on IRC it seems feasible to implement an option to prevent the permission changes for files that are readable for group or other. I would propose adding an option "ALLOW_READABLE_CONFIG" to config.conf, which would default to "No".
I'm currently looking at the code and plan to submit a patch, probably preceded by some cleanup work in separate patches.
Attachments (6)
Change History (12)
comment:1 by , 11 years ago
by , 11 years ago
| Attachment: | max-perm.2 added |
|---|
A patch adding a MAX_PERMISSIONS configuration value
comment:2 by , 11 years ago
I added two patches. The first, max-perm (which I accidentally added twice), adds a new configuration variable, MAX_PERMISSIONS, setting the maximum allowable permissions. This is 700 by default.
The second patch adds a const struct vuumuur_config *cnf parameter to a bunch of functions (and also to the backend struct of textdir), so stat_ok can use that instead of using the global conf variable.
I haven't looked at adding support to vuurmuur_conf yet, but expect a third and final patch for that soon.
by , 11 years ago
| Attachment: | statok-cnf added |
|---|
A patch that gives stat_ok a cnf argument, instead of using the global conf variable
by , 11 years ago
| Attachment: | max-perm-conf added |
|---|
A patch adding support for changing MAX_PERMISSION in vuurmuur_conf
comment:3 by , 11 years ago
I've added a third patch, which adds support for changing the MAX_PERMISSION setting from vuurmuur_conf. I've also updated the previous two patches, with some minor fixes and the ability to actually save the MAX_PERMISSION setting when writing the config file.
AFAICS, this set of patches is now complete for review and inclusion.
comment:4 by , 11 years ago
I just realized I forgot to write something in vuurmuur_conf's help file, so I added a fourth patch to do just that.
comment:5 by , 11 years ago
w00ps, turns out I forgot to tell quilt about some file, which made the statok-cnf patch break. I've just added compile-fix, which should make it work again.
comment:6 by , 11 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Closed by changeset:253. Thanks Matthijs!
My policy wrt options in Vuurmuur is that all options need to be able to be manipulated from vuurmuur_conf. So we'll need a vuurmuur_conf patch too :) I'll help with that if you want.