-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sascha Vogt wrote: > Hi, > > Håkan Kvist schrieb: >> ank man wrote: >>> I installed centerim on a new machine and saw, that the >>> ~/.centerim/config file has 644 file permission. As passwords in there >>> are stored in plain text I'd suggest to set this to 600 when centerim >>> gets installed. Or better, encrypt passwords there. >> >> Since I had nothing better to do this evening I tried to fix that on the >> mob branch. It should work for a user that uses centerim for the first >> time. But if you allready got a ~/.centerim directory it is not perfect, >> but still better than nothing. (As a user you should run something like >> chmod -R g-rwx,o-rwx ~/.centerim to make sure that all subdirectories >> got the proper protection). > I'm not sure anymore, but I thought the directory itself has 700 upon > first creation, so what is the benefit of having the .centerim/config > itself set to 600?
None at all. It seems like you are right. I should have done some more research before starting coding. All files in the .centerim directory is protected by the permissions on the directory itself, i.e they can't be accessed by another user. Is something gained by clearing the group/other permissions on all the files in the .centerim directory? If not I will happily revert my changes. br Håkan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFKP71sfu+aNIkyxzsRAq3pAKDFO5OYYSQnQ3DHRp6PbhFJFSjHXQCffYXd XzF8mpiVIlsMANnyM2KPFXg= =bLxI -----END PGP SIGNATURE----- -- _______________________________________________ Centerim-devel mailing list Centerim-devel@centerim.org http://centerim.org/mailman/listinfo/centerim-devel http://www.centerim.org/