fai log permissions
Toomas Tamm
tt-fai at kky.ttu.ee
Tue Sep 27 15:38:13 CEST 2011
On Tue, 2011-09-27 at 11:35 +0200, Natxo Asenjo wrote:
> The standard fai log permissions are too generous: 644 for all the log
> files in /var/log/fai/localhost/install-date. If you use debconf to
> set passwords, then those passwords are readable to anyone with shell
> access.
>
> Is this issue still in the most recent fai?
While I see how it can be a problem for some use cases, I personally do
not have any sensitive information in the logs and find it very
convenient to be able to check the logs while being logged on as myself
on the FAI server. If any changes are planned in the permissions of the
logs, please make it a user-configurable option rather than hard-coding
any specific value.
Toomas Tamm
More information about the linux-fai
mailing list