suggest config file permissions

master
Alessandro Mauri 3 years ago
parent 9c6f7703dc
commit 720f956267
  1. 3
      us.c
  2. 7
      us.conf.5

@ -741,7 +741,8 @@ static int get_config(struct config **conf, int *num)
die("config file must be a regular file"); die("config file must be a regular file");
if (st.st_mode & S_IRWXO || st.st_mode & S_IROTH || if (st.st_mode & S_IRWXO || st.st_mode & S_IROTH ||
st.st_mode & S_IWOTH || st.st_mode & S_IXOTH) st.st_mode & S_IWOTH || st.st_mode & S_IXOTH)
die("others may not modify, read or execute config file"); die("others may not modify, read or execute config file\n"
"suggested permissions for the config file: 660");
char line[CONF_LINE_MAX]; char line[CONF_LINE_MAX];
*num = 0; *num = 0;
*conf = NULL; *conf = NULL;

@ -51,8 +51,11 @@ execution of the command. A valid environment variable list starts with an
uppercase letter and ends at the next space. uppercase letter and ends at the next space.
.PP .PP
A valid config line must be owned by root:root and should not be readable, A valid config line must be owned by root:root and should not be readable,
writable or executable for any other user or group, if the config file fails writable or executable for any other user or group, in other words the best
to meet this requirements it will get rejected and invocation will fail. file permissions for the config file are
.BR 660
if the config file fails to meet this requirements it will get rejected and
invocation will fail.
.SH FILES .SH FILES
.IP /etc/us.conf .IP /etc/us.conf

Loading…
Cancel
Save