On 1.11.2015 18:54, Randy Barlow wrote:
> On 10/07/2015 01:37 PM, Randy Barlow wrote:
>> I've filed a request to add a new package called ari-backup:
> 
>> https://bugzilla.redhat.com/show_bug.cgi?id=1269609
> 
> My package reviewer and I had some questions about whether the
> permissions I have set in my spec file are justifiable or not. This
> software is a backup server, and the spec file I have created
> configured the backup store (/var/lib/ari-backup) to have restrictive
> permissions (root:root, 0700). The reasoning is that I didn't want to
> assume that it would be OK for other users who may have access to the
> backup server to be able to see files from other systems that have
> been stored there.
> 
> Additionally, the folder /etc/ari-backup/jobs.d contains job
> configuration files, and is also configured for 0700. This is to
> prevent any information about what is being backed up (and how it is
> being backed up) from leaking. The backup jobs in there are Python
> scripts, and can contain arbitrary code to be executed during the
> backup jobs.
> 
> What do others think? Are the permissions I have selected in my spec
> file appropriate for a backup server?

Generally the principle of least privilege is okay, so I agree with your proposal
in general.

On the other hand I have to ask if the server must be running under root?
Shouldn't it run under a dedicated user, e.g. 'aribackup'?

In that case filesystem permissions should be root:aribackup 770.

-- 
Petr Spacek  @  Red Hat
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
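Added example, not taken from the thread or from the ari-backup package: an RPM spec fragment showing how the two layouts discussed above are expressed. The directory paths come from Randy's message and the service user name 'aribackup' from Petr's reply; the scriptlet shape (`Requires(pre): shadow-utils`, `getent` guards, `useradd -r`) is the usual Fedora pattern for a system account and is assumed here, as is the 0750 mode on jobs.d.

```spec
# Example only; not the ari-backup spec. Creates a dedicated service account
# and sets ownership/modes on the two directories discussed in the thread.
Requires(pre): shadow-utils

%pre
# Service user 'aribackup' (name taken from the reply; assumed to be acceptable).
# -r gives a system account, no login shell, home on the backup store.
getent group aribackup >/dev/null || groupadd -r aribackup
getent passwd aribackup >/dev/null || \
    useradd -r -g aribackup -d /var/lib/ari-backup -s /sbin/nologin \
            -c "ari-backup service user" aribackup
exit 0

%files
# Backup store: root owns it, the service group may read and write,
# every other local user is kept out (the reply's root:aribackup 770).
%dir %attr(0770,root,aribackup) /var/lib/ari-backup

# Job definitions are Python executed by the backup run. The service user only
# needs to read them; keeping write access with root means a compromised
# service cannot rewrite the code it will later execute. (0750 is this
# example's tightening of the reply's 770; use 770 if jobs must be edited
# by the service user.)
%dir %attr(0750,root,aribackup) /etc/ari-backup/jobs.d
```

If the daemon keeps running as root, as in the original spec, the `%pre` scriptlet is unnecessary and the original `%attr(0700,root,root)` on both directories already excludes other local users; the group-based variant only pays off once the service actually drops to 'aribackup'. Either way, `rpm -qlv ari-backup` after installation shows the modes and owners that were recorded, which is a quick check that the `%attr` lines took effect.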
