[Pkg-dspam-misc] Vote for unstable.
Michel Lespinasse
walken at zoy.org
Sun Jan 15 12:03:58 UTC 2006
On Sun, Jan 15, 2006 at 12:43:21PM +0100, Matthijs Mohlmann wrote:
> > Why not, but this is the maintainers decision to make, I think.
> I'm one of the maintainers, but there are more maintainers and I like to
> hear their opinion too :)
Heh, sorry :)
>> Regarding permission problems: webfrontend.conf and dspam.conf are currently
>> owned by the dspam user. This means the CGI scripts have sufficient rights
>> to overwrite these. Is this really correct ? I'd rather have these files
>> owned by root and world-readable, I think.
>
> world-readable means that passwords for database servers are readable
> for every user, besides that only the administrator can login in the
> webinterface and change the webfrontend.conf, there are AFAIK no options
> to change things in dspam.conf. On the other hand, we can change
> webfrontend.conf owned by root and add a note in README.Debian that if a
> person would like to edit the webfrontend.conf by the web interface that
> they need to change the permissions...
>
> The users can have also different preferences but these are stored in
> /var/spool/dspam. They inherit the configuration from webfrontend.conf
> and may override some options.
>
> What do you prefer?
I did not know about the password issue - I use the hash backend.
Still, both the dspam binary and the CGI run as group dspam, so it
should be possible to make dspam.conf owned by root:dspam with rights
640 ? That way the dspam binaries can still read it but not write it.
I do not understand your comment about webfrontend.conf - I am under
the impression that the web frontend will read this file but not write
it, so that root:root with 644 rights should be fine ?
--
Michel "Walken" Lespinasse
"Bill Gates is a monocle and a Persian cat away from being the villain
in a James Bond movie." -- Dennis Miller
More information about the Pkg-dspam-misc
mailing list