On Sun, 2011-04-03 at 14:38:49 -0700, Ori Bani wrote:

> On Sun, Apr 3, 2011 at 2:08 PM, Sahil Tandon <sa...@freebsd.org> wrote:
> > On Sun, 2011-04-03 at 13:30:44 -0700, Ori Bani wrote:
> >
> >> From what I can tell, it is common to have local.cf
> >> permissions/ownership as
> >>
> >> root:root 644 (rw-r--r--)
> >>
> >> But I have some database passwords (bayes, awl) in that file and would
> >> like NOT to have world read permissions on that file.
> >>
> >> I'm not entirely sure what process reads that file and what user that
> >> process runs as, so I hope that's an easy question you can answer for
> >> me.  Is there any ownership or permissions combination that is more
> >> restrictive than the above?  Does it really need to be world readable?
> >
> > You've asked a few different questions; the answer to the last one is
> > 'no'.
> 
> Can you elaborate?  The systemwide local.cf
> (/etc/mail/spamassassin/local.cf) where my database passwords are
> located seems to need to be world readable according to docs I've read
> on the web (so that each user gets the default settings in that file I
> think).  So how can I preserve that functionality without having
> global read permission on that file?

My permissions for local.cf are:

-rw-r-----

And I've had no problems for several years now.  How do you reconcile
that with what you've read 'on the web'?  Different situations and needs
will merit different solutions.  Your question was general and received
a general response. :)

-- 
Sahil Tandon <sa...@freebsd.org>
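
An added example, not part of the thread: a portable sh check that flags a SpamAssassin config file which both holds the bayes/AWL SQL password directives and is world-readable, using the same `ls` mode string quoted above. The function names and the sample file are constructed for illustration; the suggested fix assumes the process that reads local.cf belongs to the file's group.

```shell
#!/bin/sh
# Added example (not from the thread): flag a SpamAssassin config that stores
# SQL passwords while its "other" read bit is set.

# SpamAssassin directives that hold the bayes / AWL database passwords.
SECRET_RE='^[[:space:]]*(bayes_sql_password|user_awl_sql_password)[[:space:]]'

# Print the 10-character mode string, e.g. "-rw-r-----" (portable: no stat(1)).
mode_string() {
    ls -ld -- "$1" | cut -c1-10
}

# Succeeds if any uncommented credential directive is present.
has_secrets() {
    grep -Eq "$SECRET_RE" "$1"
}

# Return 0 = fine, 1 = secrets in a world-readable file, 2 = cannot inspect.
audit_cf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    mode=$(mode_string "$1")
    if ! has_secrets "$1"; then
        echo "OK    $mode $1 (no password directives)"
        return 0
    fi
    # Character 8 of the mode string is the "other" read bit.
    if [ "$(printf '%s' "$mode" | cut -c8)" = "r" ]; then
        echo "WARN  $mode $1 holds DB passwords and is world-readable"
        echo "      fix: chmod 640, group = the group the reading process runs in"
        return 1
    fi
    echo "OK    $mode $1 (passwords present, not world-readable)"
    return 0
}

# Demo on a constructed file; pass a real path as $1 to audit it instead.
if [ -n "${1:-}" ]; then
    audit_cf "$1"
else
    demo=$(mktemp)
    printf 'required_score 5.0\nbayes_sql_password CONSTRUCTED-SECRET\n' > "$demo"
    chmod 644 "$demo"; audit_cf "$demo" || true   # expected: WARN
    chmod 640 "$demo"; audit_cf "$demo" || true   # expected: OK
    rm -f "$demo"
fi
```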
