Permissions on backup/restore password file


Forum: DSL Ideas and Suggestions
Topic: Permissions on backup/restore password file
started by: WDef

Posted by WDef on Sep. 19 2005,08:15
Since passwords can now be set for root and the user 'dsl', I wondered if it would be consistent to restrict
perms on /etc/sysconfig/des to 600 in /etc/init.d/dsl-config before writing the backup/restore
password there?

At present this file is world-readable.

For eg:
Code Sample
if checkbootparam "protect"; then
     getpasswd "encryption"
     touch /etc/sysconfig/des
     chmod 600 /etc/sysconfig/des
     echo "$PASSWD" > /etc/sysconfig/des
  fi

(Requires remastering of the iso to test).
 
If filetool.sh is still to be executable by user dsl, sudo will then need to be inserted
before the 'cat /etc/sysconfig/des' lines in filetool.sh.
Code Sample
KEY=$(sudo cat /etc/sysconfig/des)

However, since filetool.sh never seems to be executed other than by root/sudo, all the 'sudo' commands
might be safely removable from filetool.sh. In that case, the 'chown root $MOUNTPOINT/backup.des' in the hacked
scripts I  < posted > recently also can be removed.

Powered by Ikonboard 3.1.2a
Ikonboard © 2001 Jarvis Entertainment Group, Inc.