Package: quagga Version: 0.99.23.1-1+deb8u3 Severity: minor Currently, not all users that belong to the group quaggavty are able to modify the quagga’s configuration due to (incorrect?) permissions. For example, having two members of quaggavty: usera and userb and using integrated configuration file Quagga.conf. When usera writes the configuration from vtysh the permissions for the file will be:
-rw-r----- 1 usera quaggavty 973 Dec 4 11:43 Quagga.conf This prevents userb from writing the configuration with vtysh. I think this package should be modified so that the permission for group quaggavty is rw on the configuration files managed by vtysh. In theory this can be easily achieved by passing --enable-configfile-mask=660 to the configure script instead of the current value of 640. Not sure if this has any security implications, but currently any member of quaggavty can remove/delete any file under /etc/quagga so I don’t think this change would give any extra permissions and it would make configuration a lot easier. Thanks a lot for your time. -- Carlos Ramos
