[Pkg-dns-devel] Bug#849156: Bug#849156: softhsm2-common: consider opening up permissions on /etc/softhsm
Mike Miller
mtmiller at debian.org
Tue Jan 3 19:53:58 UTC 2017
On Mon, Jan 02, 2017 at 15:50:19 +0100, Ondřej Surý wrote:
> could you explain what is the use case to have more relaxed permissions?
Sure, the use case for me is strictly documentation.
A non-root user can use softhsm2-util program with a user config file in
~/.config/softhsm2 or $SOFTHSM2_CONF, as described by softhsm2.conf(1).
The man page points at /etc/softhsm/softhsm2.conf{,.sample} as the
default config files. But a non-root user can't read those files, so has
no template config file to reference at a glance.
If the man page pointed the user to a readable config file template,
that would help a bit.
I still think it's helpful for non-root users to see how the system is
actually configured when doing so doesn't reveal any keys, passwords, or
other privileged information. For every file in /etc that is not
world-readable, there is ideally a justification for that choice. So
what is the use case for having restricted permissions in the first
place?
Thanks for your consideration,
--
mike
More information about the pkg-dns-devel
mailing list