https://bugzilla.redhat.com/show_bug.cgi?id=1304882 --- Comment #15 from awilliam@xxxxxxxxxx <awilliam@xxxxxxxxxx> --- "%config(noreplace) %attr(-,geekotest,root) %{_sysconfdir}/openqa/openqa.ini %config(noreplace) %attr(-,geekotest,root) %{_sysconfdir}/openqa/database.ini Why are those owned by the user? Can they be updated dynamically at runtime?" ah, so, I remember! This is not necessary for openqa.ini , I can fix that. The reason for database.ini is that it may contain sensitive information (specifically, the database password, depending on how you're doing database auth); we need only the openqa server to be able to read it. There's really no need for it to be writeable by the server, so perhaps we could make it 0440 or 0400 - IIRC root ignores perms and can write to anything that's not immutable, though I'm not sure if it's 'bad practice' to set a file you expect root to write to be read-only. We could do 0460, I guess, but that seems odd. The perms are set by the upstream install script (we can always change them, but since we have a good relationship with upstream it would really make sense to change it there instead of having a downstream change). -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review