[SOLVED] Configuration XML Permissions

Started by utkonos, April 21, 2022, 09:04:39 PM

April 21, 2022, 09:04:39 PM Last Edit: April 24, 2022, 11:16:08 PM by utkonos
I have been digging into the config.xml and during this, I noticed that the /conf/config.xml file has world readable permissions. I also noticed that the incremental backups of the config file located in /conf/backup have inconsistent permissions. Some are 640 and some are 644.

Are these permissions correct?




I think that 640 is an umask issue within configd/configctl executed scripts as witnessed by https://github.com/opnsense/core/commit/7a68bab0859 but benign enough to leave as is.

Historically 644 is required for e.g. the OpenVPN authentication script to reach the user data in /conf/config.xml because OpenVPN doesn't run as root.

We are going to change that eventually, but in any case the use of shell access for non-admins is highly discouraged so that this particular issue does not matter.


Cheers,
Franco
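
An added example, not part of either post and not OPNsense code: a POSIX shell audit that separates world-readable files from restricted ones in a directory such as /conf/backup, with a constructed demo showing how the writer's umask alone yields 644 versus 640. The function names, sample file names and the umask values 022 and 027 are assumptions chosen to reproduce the two modes from the thread.

```shell
#!/bin/sh
# Added example: audit a config directory for the "other" read bit and
# reproduce the 644/640 split with two different umasks.

# List regular files under DIR that any local user can read.
# -perm -004 matches when the other-read bit is set (BSD and GNU find).
world_readable_files() {
    find "$1" -type f -perm -004 | sort
}

# List regular files under DIR that are NOT readable by "other".
restricted_files() {
    find "$1" -type f ! -perm -004 | sort
}

# Constructed sample: two empty files created by processes whose umask
# differs. File names and umask values are assumptions for illustration.
make_sample_backups() {
    ( umask 022; : > "$1/config-constructed-a.xml" )   # 666 & ~022 = 644
    ( umask 027; : > "$1/config-constructed-b.xml" )   # 666 & ~027 = 640
}

if [ -n "${1:-}" ]; then
    # Audit a real directory, e.g. /conf/backup on the firewall.
    echo "world-readable:"; world_readable_files "$1"
    echo "restricted:";     restricted_files "$1"
else
    # No argument: run the constructed demo in a throwaway directory.
    demo_dir=$(mktemp -d)
    make_sample_backups "$demo_dir"
    echo "world-readable:"; world_readable_files "$demo_dir"
    echo "restricted:";     restricted_files "$demo_dir"
    rm -rf "$demo_dir"
fi
```

Run with a directory argument to audit it; files under "world-readable" are the ones a non-root local account could open.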