-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Håkan Kvist wrote the following lines on 06/22/2009 07:20 PM: > Sascha Vogt wrote: >> Hi, > >> Håkan Kvist schrieb: >>> ank man wrote: >>>> I installed centerim on a new machine and saw, that the >>>> ~/.centerim/config file has 644 file permission. As passwords in there >>>> are stored in plain text I'd suggest to set this to 600 when centerim >>>> gets installed. Or better, encrypt passwords there. >>> Since I had nothing better to do this evening I tried to fix that on the >>> mob branch. It should work for a user that uses centerim for the first >>> time. But if you allready got a ~/.centerim directory it is not perfect, >>> but still better than nothing. (As a user you should run something like >>> chmod -R g-rwx,o-rwx ~/.centerim to make sure that all subdirectories >>> got the proper protection). >> I'm not sure anymore, but I thought the directory itself has 700 upon >> first creation, so what is the benefit of having the .centerim/config >> itself set to 600? > > None at all. > > It seems like you are right. I should have done some more research > before starting coding. > > All files in the .centerim directory is protected by the permissions on > the directory itself, i.e they can't be accessed by another user. > > Is something gained by clearing the group/other permissions on all the > files in the .centerim directory? > > If not I will happily revert my changes. >
I have now happily reverted most of my changes (it only took me a little more that 6 months :-) br Håkan -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFLYhkkfu+aNIkyxzsRAhdIAJ911lfx+gleb9q3Cl/XuSkjmm1cygCfUucJ uYHypASDKGndZi2fiVEjHLg= =U/U2 -----END PGP SIGNATURE----- -- _______________________________________________ Centerim-devel mailing list Centerim-devel@centerim.org http://centerim.org/mailman/listinfo/centerim-devel http://www.centerim.org/