[CentOS-docs] VPNC article
Scott Robbins
scottro at nyc.rr.com
Thu Feb 12 17:52:21 UTC 2009
On Thu, Feb 12, 2009 at 05:13:27PM +0100, Christoph Maser wrote:
> Am Donnerstag, den 12.02.2009, 16:44 +0100 schrieb Scott Robbins:
> > On Thu, Feb 12, 2009 at 10:23:01AM -0500, R P Herrold wrote:
> > > On Wed, 11 Feb 2009, Scott Robbins wrote:
> > >
> > > The article asserts clear packaging permissions problems
> > > exist. Have these been upstreamed?
> >
> > By upstream do you mean the source code itself?
> >
> > The program built from source doesn't have that issue. On the other
> > hand, without trying to read Dag's mind, I simply guessed that it was
> > either minor oversight or a small additional securiy layer. (Assuming
> The permissions on the files in dags RPM:
>
> rpm -qlvp vpnc-0.5.3-1.el5.rf.i386.rpm
> [...]
> -rw------- 1 root root 157 Jan 19
> 16:35 /etc/vpnc/vpnc.conf
> -rw------- 1 root root 14995 Jan 19
> 16:35 /etc/vpnc/vpnc-script
>
>
> I assume 600,root,root is ok for the config file, or do you really need
> 700 as the article indicates? I will update the permissions of
> vpnc-script to be 700
The article should only indicate that you should change the permissions
for the vpnc-script file. (quickly doublechecks.)
Argh, the other was a typo. The description was correct (I said chmod
to read/write for root) and I just fixed the command, so it now reads
correctly. Thank you VERY much for catching it, and apologies.)
So, vpnc-script should be 700 for root and the default vpnc.conf is
probably not used anyway, since it does provide the pcf2vpnc. Even if
used, current permissions are fine.
--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6
Principal Snyder: It's fuzzy-minded liberal thinking like that
that gets you eaten.
More information about the CentOS-docs
mailing list