On Thu 2018-02-01 01:33:10 -0500, Daniel Kahn Gillmor wrote:
> check out these permissions:
>
> 0 root@alice:~# ls -la /etc/systemd/system/postfix.service.d/override.conf
> -rw------- 1 root root 66 Jan 23 2017
> /etc/systemd/system/postfix.service.d/override.conf
> 0 root@alice:~#
>
>
> and yet, there is nothing secret in the file:
>
> 0 root@alice:~# cat /etc/systemd/system/postfix.service.d/override.conf
> [Unit]
> After=network-online.target
> After=systemd-resolved.service
> 0 root@alice:~#
>
> shouldn't this file be created in mode 0644? no other override.conf
> files are unreadable by "other" on this system.
I note that this shows up in the journal as:
Configuration file /etc/systemd/system/postfix.service.d/override.conf
is marked world-inaccessible. This has no effect as configuration data
is accessible via APIs without restrictions. Proceeding anyway.
so systemd is complaining about it too :/ fixing this would also cut out
the noise there.
--dkg
