[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: query-pr -F ## / dbconfig
|
From: |
Milan Zamazal |
|
Subject: |
Re: query-pr -F ## / dbconfig |
|
Date: |
07 Jan 2002 12:30:46 +0100 |
|
User-agent: |
Gnus/5.09 (Gnus v5.9.0) Emacs/21.1 |
>>>>> "TP" == Tha Project <address@hidden> writes:
>> If it works for superuser, it is almost for certain a permission
>> problem. Check whether the users can access (e.g. via `cat')
>> the PR files in the database directory.
TP> You are right. But that is the default behavior of the debian
TP> package, and not something I have intentionally setup.
TP> drwxr-s--- 2 gnats gnats 1024 Jan 3 07:05 doc
TP> Are the permissions on the 'doc' category for instance. What
TP> should it be?
I think the permission setting above is a reasonable default. If it was
changed to public access, users would complain the data is available to
anyone without explicitly saying so.
TP> and what config file/option specifices how those directories are
TP> created and what permissions/ownerships are set to them?
There is no such option. `umask' (especially in ~gnats/.profile) and
`chmod' are your friends.
>> or you can setuid gnats the query-pr binary.
TP> setuid? <gasp> .. only when it's the last resort ;)
Since gnatsd shares a lot of code with query-pr, it's comparably
(in)secure. So if you intend to use GNATS databases locally with a read
restricted access, setuid gnats on query-pr doesn't look like an
unreasonable option to me.
Regards,
Milan Zamazal
--
Free software is about freedom, not about free beer. If you care only about
the latter, you'll end up with no freedom and no free beer.