[Pkg-dspam-misc] Vote for unstable.
Matthijs Mohlmann
matthijs at cacholong.nl
Sun Jan 15 14:13:24 UTC 2006
Michel Lespinasse wrote:
> On Sun, Jan 15, 2006 at 12:43:21PM +0100, Matthijs Mohlmann wrote:
>
>>>Why not, but this is the maintainers decision to make, I think.
>>
>>I'm one of the maintainers, but there are more maintainers and I like to
>>hear their opinion too :)
>
>
> Heh, sorry :)
>
np ;)
>
>>>Regarding permission problems: webfrontend.conf and dspam.conf are currently
>>>owned by the dspam user. This means the CGI scripts have sufficient rights
>>>to overwrite these. Is this really correct ? I'd rather have these files
>>>owned by root and world-readable, I think.
>>
>>World-readable means that passwords for database servers are readable
>>by every user. Besides that, only the administrator can log in to the
>>web interface and change webfrontend.conf; there are AFAIK no options
>>to change things in dspam.conf. On the other hand, we can change
>>webfrontend.conf to be owned by root and add a note in README.Debian
>>that if a person would like to edit webfrontend.conf through the web
>>interface, they need to change the permissions...
>>
>>The users can also have different preferences, but these are stored in
>>/var/spool/dspam. They inherit the configuration from webfrontend.conf
>>and may override some options.
>>
>>What do you prefer?
>
>
> I did not know about the password issue - I use the hash backend.
> Still, both the dspam binary and the CGI run as group dspam, so it
> should be possible to make dspam.conf owned by root:dspam with rights
> 640 ? That way the dspam binaries can still read it but not write it.
>
Good suggestion.

> I do not understand your comment about webfrontend.conf - I am under
> the impression that the web frontend will read this file but not write
> it, so that root:root with 644 rights should be fine ?
>
Ah sorry, I'm wrong here, you are right about the webfrontend.conf. The
default.prefs in /etc/dspam is writable by the webfrontend. And the
admins (listed in /etc/dspam/admins) are able to write default
preferences to that file.

Regards,

Matthijs Mohlmann
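
The ownership and mode layout discussed in this message (dspam.conf as root:dspam with 640, webfrontend.conf as root:root with 644) can be checked with a small audit script. This is an added example, not part of the original post or of the Debian package; the function names `audit_conf` and `audit_dspam` and the `secret` flag are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: audit a config file against an expected owner:group and mode.
# Usage: audit_conf FILE OWNER:GROUP MODE [secret]
# Pass "secret" for files that hold credentials (e.g. database passwords).
# Prints one line per finding; returns 0 when clean, 1 otherwise.
# Assumes GNU coreutils stat (-c), as on Debian.
audit_conf() {
    file=$1; want_own=$2; want_mode=$3; secret=${4:-}
    if [ ! -f "$file" ]; then
        echo "MISSING  $file"
        return 1
    fi
    own=$(stat -c '%U:%G' "$file")
    mode=$(stat -c '%a' "$file")
    rc=0
    if [ "$own" != "$want_own" ]; then
        echo "OWNER    $file is $own, expected $want_own"
        rc=1
    fi
    if [ "$mode" != "$want_mode" ]; then
        echo "MODE     $file is $mode, expected $want_mode"
        rc=1
    fi
    # Group- or world-writable: a process running in the file's group
    # (such as the CGI scripts) could overwrite the configuration.
    if [ $(( 0$mode & 0022 )) -ne 0 ]; then
        echo "WRITABLE $file is group- or world-writable (mode $mode)"
        rc=1
    fi
    # World-readable file with credentials: every local user can read them.
    if [ "$secret" = secret ] && [ $(( 0$mode & 0004 )) -ne 0 ]; then
        echo "EXPOSED  $file holds secrets but is world-readable (mode $mode)"
        rc=1
    fi
    return $rc
}

# The layout proposed in the thread; DIR defaults to /etc/dspam.
audit_dspam() {
    dir=${1:-/etc/dspam}; rc_all=0
    audit_conf "$dir/dspam.conf" root:dspam 640 secret || rc_all=1
    audit_conf "$dir/webfrontend.conf" root:root 644 || rc_all=1
    return $rc_all
}
```

Run `audit_dspam` as a user that can stat the files; a non-zero exit status means at least one file deviates from the proposed layout.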