On 10/07/2015 01:37 PM, Randy Barlow wrote:
> I've filed a request to add a new package called ari-backup:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1269609

My package reviewer and I had some questions about whether the
permissions I have set in my spec file are justifiable or not. This
software is a backup server, and the spec file I have created
configured the backup store (/var/lib/ari-backup) to have restrictive
permissions (root:root, 0700). The reasoning is that I didn't want to
assume that it would be OK for other users who may have access to the
backup server to be able to see files from other systems that have
been stored there.

Additionally, the folder /etc/ari-backup/jobs.d contains job
configuration files, and is also configured for 0700. This is to
prevent any information about what is being backed up (and how it is
being backed up) from leaking. The backup jobs in there are Python
scripts, and can contain arbitrary code to be executed during the
backup jobs.

What do others think? Are the permissions I have selected in my spec
file appropriate for a backup server?

--
R

--
devel mailing list
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
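
An added example, not part of the original message or of the ari-backup package: a shell audit that checks the two paths named in the message against the root:root 0700 policy. It goes one step beyond the message by also flagging job files that are not owned by the expected user or are writable by group or other, since those files are scripts run during backups. It assumes GNU stat and find; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the ari-backup package). Requires GNU stat and find.

# check_private_dir DIR UID GID
# Succeeds only if DIR is a real directory (not a symlink), owned by UID:GID,
# with mode exactly 700 (the root:root 0700 policy described in the message).
check_private_dir() {
    dir=$1 want_uid=$2 want_gid=$3
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL $dir: missing, not a directory, or a symlink"
        return 1
    fi
    owner=$(stat -c '%u:%g' "$dir")
    mode=$(stat -c '%a' "$dir")
    if [ "$owner" != "$want_uid:$want_gid" ]; then
        echo "FAIL $dir: owner $owner, expected $want_uid:$want_gid"
        return 1
    fi
    if [ "$mode" != "700" ]; then
        echo "FAIL $dir: mode $mode, expected 700"
        return 1
    fi
    echo "OK   $dir"
}

# check_job_files DIR UID
# Job files are scripts run during backups, so flag any regular file in DIR
# that is not owned by UID or is writable by group or other.
check_job_files() {
    dir=$1 want_uid=$2
    bad=$(find "$dir" -maxdepth 1 -type f \( ! -user "$want_uid" -o -perm /022 \) -print)
    if [ -n "$bad" ]; then
        echo "FAIL job files with unexpected owner or write bits:"
        echo "$bad"
        return 1
    fi
    echo "OK   job files in $dir"
}

# Audit the two paths named in the message against root (uid 0, gid 0).
audit_ari_backup() {
    rc=0
    check_private_dir /var/lib/ari-backup 0 0 || rc=1
    check_private_dir /etc/ari-backup/jobs.d 0 0 || rc=1
    check_job_files /etc/ari-backup/jobs.d 0 || rc=1
    return $rc
}

if [ "${1:-}" = "--audit" ]; then audit_ari_backup; fi
```

Run it as root with `--audit` on the backup server; a non-zero exit status means at least one path deviates from the policy.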