Security-concerns: world-readable configuration-files containing database-credentials #349
Comments
Note for the file Also note about this script file's usage of
Note also that most probably it doesn't suffice to just remove all those world-readable permissions, as this will lead to some services stopping working due to misconfiguration.
@tomcrus001 I think we can modify the permissions of most files and remove the read flag for the group and other categories. The settings.py file is a special case since management commands are not always run by the root user. I guess we can remove the read flag for others but leave it for group, but it requires checking whether every involved user is in the modoboa group.
Impacted versions
Steps to reproduce
Normal installation using modoboa-install's run.py
Full trace using --debug option or current behaviour
Expected behavior
The following files containing database credentials mustn't be world-readable:
/etc/postfix/sql*.cf
/etc/dovecot/dovecot-sql-master.conf.ext
/usr/local/bin/postlogin.sh
/etc/opendkim.conf
/srv/modoboa/instance/instance/settings.py
After having done a fresh installation using modoboa-install:
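An added example (not part of the issue or of the installer's code): a Python check that reports, for each file listed in the issue, whether it is world-readable, only group-readable, or owner-only, together with the owning group so that group membership can be reviewed. The `root` prefix parameter is a hypothetical addition so the check can be pointed at a test tree instead of `/`.

```python
import glob
import grp
import os
import stat

# Paths exactly as listed in the issue; the first entry is a glob pattern.
CREDENTIAL_FILES = [
    "/etc/postfix/sql*.cf",
    "/etc/dovecot/dovecot-sql-master.conf.ext",
    "/usr/local/bin/postlogin.sh",
    "/etc/opendkim.conf",
    "/srv/modoboa/instance/instance/settings.py",
]


def group_name(gid):
    """Resolve a gid to a name, falling back to the number if unknown."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)


def audit(patterns, root=""):
    """Return (path, octal mode, finding, group) for every existing match.

    root is a hypothetical prefix used only to audit a test tree.
    """
    results = []
    for pattern in patterns:
        for path in sorted(glob.glob(glob.escape(root) + pattern)):
            st = os.stat(path)
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IROTH:
                finding = "world-readable"   # any local user can read it
            elif mode & stat.S_IRGRP:
                finding = "group-readable"   # review who is in the group
            else:
                finding = "owner-only"
            results.append((path, format(mode, "04o"), finding,
                            group_name(st.st_gid)))
    return results


if __name__ == "__main__":
    for path, mode, finding, group in audit(CREDENTIAL_FILES):
        print(f"{mode} {group:<12} {finding:<15} {path}")
```

Files reported as group-readable still need the membership check mentioned in the comments: every account that runs management commands has to be in the owning group.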