Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
[SOLVED] Configuration XML Permissions
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] Configuration XML Permissions (Read 1220 times)
utkonos
Newbie
Posts: 32
Karma: 3
[SOLVED] Configuration XML Permissions
«
on:
April 21, 2022, 09:04:39 pm »
I have been digging into the config.xml and during this, I noticed that the /conf/config.xml file has world readable permissions. I also noticed that the incremental backups of the config file located in /conf/backup have inconsistent permissions. Some are 640 and some are 644.
Are these permissions correct?
«
Last Edit: April 24, 2022, 11:16:08 pm by utkonos
»
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: Configuration XML Permissions
«
Reply #1 on:
April 22, 2022, 08:56:47 am »
I think that 640 is an umask issue within configd/configctl executed scripts as witnessed by
https://github.com/opnsense/core/commit/7a68bab0859
but benign enough to leave as is.
Historically 644 is required for e.g. OpenVPN authentication script to reach the user data in /conf/config.xml because OpenVPN doesn't run as root.
We are going to change that eventually, but in any case the use of shell access for non-admins is highly discouraged so that this particular issues does not matter.
Cheers,
Franco
Logged
utkonos
Newbie
Posts: 32
Karma: 3
Re: [SOLVED] Configuration XML Permissions
«
Reply #2 on:
April 24, 2022, 11:16:45 pm »
Understood. Thanks for taking a look.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
[SOLVED] Configuration XML Permissions