OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 22.1 Legacy Series »
  • [SOLVED] Configuration XML Permissions
« previous next »
  • Print
Pages: [1]

Author Topic: [SOLVED] Configuration XML Permissions  (Read 1212 times)

utkonos

  • Newbie
  • *
  • Posts: 32
  • Karma: 3
    • View Profile
[SOLVED] Configuration XML Permissions
« on: April 21, 2022, 09:04:39 pm »
I have been digging into the config.xml and during this, I noticed that the /conf/config.xml file has world readable permissions. I also noticed that the incremental backups of the config file located in /conf/backup have inconsistent permissions. Some are 640 and some are 644.

Are these permissions correct?



« Last Edit: April 24, 2022, 11:16:08 pm by utkonos »
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 17659
  • Karma: 1611
    • View Profile
Re: Configuration XML Permissions
« Reply #1 on: April 22, 2022, 08:56:47 am »
I think that 640 is an umask issue within configd/configctl executed scripts as witnessed by https://github.com/opnsense/core/commit/7a68bab0859 but benign enough to leave as is.

Historically 644 is required for e.g. OpenVPN authentication script to reach the user data in /conf/config.xml because OpenVPN doesn't run as root.

We are going to change that eventually, but in any case the use of shell access for non-admins is highly discouraged so that this particular issues does not matter.


Cheers,
Franco
Logged

utkonos

  • Newbie
  • *
  • Posts: 32
  • Karma: 3
    • View Profile
Re: [SOLVED] Configuration XML Permissions
« Reply #2 on: April 24, 2022, 11:16:45 pm »
Understood. Thanks for taking a look.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 22.1 Legacy Series »
  • [SOLVED] Configuration XML Permissions
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2