modoboa icon indicating copy to clipboard operation
modoboa copied to clipboard
verified publisher icon modoboa

Installer config should have tighter security

Open trinkel opened this issue 4 years ago • 1 comments

Impacted versions

  • OS Type: Debian/Ubuntu, Centos/Redhat, Arch, Gentoo, Slack, ... Ubuntu

  • OS Version: Number or Name 18.04.5

  • Modoboa: 1.17.0

  • installer used: Yes

Software is not installed yet, so the rest isn't available yet

  • Database Type: PostgreSQL / MySQL
  • Database version: X.y
  • Webserver: Nginx/Apache

Steps to reproduce

List directory contents

Current behavior

Permissions on installer.cfg are group and world readable. Since database passwords are included in the file, should it be readable only by the user (root)?

Expected behavior

Permissions should be 0600?

Video/Screenshot link (optional)

trinkel avatar Feb 05 '21 22:02 trinkel

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Apr 06 '21 23:04 stale[bot]