Re: Self Introduction: Randy Barlow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 10/07/2015 01:37 PM, Randy Barlow wrote:
> I've filed a request to add a new package called ari-backup:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1269609

My package reviewer and I had some questions about whether the
permissions I have set in my spec file are justifiable or not. This
software is a backup server, and the spec file I have created
configured the backup store (/var/lib/ari-backup) to have restrictive
permissions (root:root, 0700). The reasoning is that I didn't want to
assume that it would be OK for other users who may have access to the
backup server to be able to see files from other systems that have
been stored there.

Additionally, the folder /etc/ari-backup/jobs.d contains job
configuration files, and is also configured for 0700. This is to
prevent any information about what is being backed up (and how it is
being backed up) from leaking. The backup jobs in there are Python
scripts, and can contain arbitrary code to be executed during the
backup jobs.

What do others think? Are the permissions I have selected in my spec
file appropriate for a backup server?

- -- 
R
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJWNlHEAAoJEHhEzLg73SRi30AP/37NkJEKbU0gObQ+vilkgRwM
xV/nKACEXYV1YKz6RIch/PrVF9pGoVmPsXMEnVr3SHYL+nuCXRlwbQuLci4id9JS
3b/rudUScW5IMVAinvCsWuep03ryOc72qr57o2lrjijh1jiGyw2pRtWXknUzaxZD
igChWE/zZ16BaSpGrRQegG38cySo/SwaCz16xseHop0GhN+ZGxGETwIVOUEHg0ar
hJPJnvK/18EtzsU1XheVk/vA13EdpGbPmGglt5ljeDfdJunM/4LVMX8bUQQ9hvLV
GPIpc/8DvBH+V+MLgSQrsRfqBQo+gopdwNSl8OjHeoD4bRg1PFdI7ezAf4bQL6l6
nVPaLQ0+iGgc5J9AtuDpVqT2Zk5a/ywymis6zEgYN71vM7Gw8CqC1qLT0iwDFlVa
DZ+Kz1eMYGgH6Q9bte6kkxoVOhNaY7jlhoKCcCa8LQLGEGxaX2GpT5VTkhpa0r90
7sXhUW1sonvHZoNXB9Dtcv++3OmLuvnqqmAg5PVOPiTtsX+3yar4sU8/qDm8kFWO
vJV+QYucsuqLW9icJuLazf1LK/Q18Rxg3bzQtyW6sD8gafI4wFoYxReR8FOzA5vi
c/TOAFNKdNK+4kkn1RD5zeefouOhO0dbCTqZGGu2z2sTSyhkYqNZajj8ICTw4kE5
0bCKtYsaWj8DN92IkDzp
=GNAx
-----END PGP SIGNATURE-----
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux