Once upon a time, Adam Tkac <atkac@xxxxxxxxxx> said: > Generally on production servers only administrators have access so I > don't think this is security issue. I think it's only feeling that > configuration has to be private but I'm ready keep config files private > if you think it really makes sence. But if some flaw is found and > exploited it can't protect you. Many servers don't just run one service (e.g. shared web hosting servers will run HTTP, SMTP, DNS, etc.), so the config should be protected. Anything else might as well be world-readable though (and this is really true for any non-config/non-log file in any RPM), since they can easily be downloaded through "teh intertubes". -- Chris Adams <cmadams@xxxxxxxxxx> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
