[packages/unbound] restrict access to /etc/unbound/{,unbound.conf}
atler
atler at pld-linux.org
Sat Apr 8 18:40:49 CEST 2023
commit 01400ded77f70aca94aaac1e7df3f4881600b3cb
Author: Jan Palus <atler at pld-linux.org>
Date: Sat Apr 8 18:38:42 2023 +0200
restrict access to /etc/unbound/{,unbound.conf}
/etc/unbound dir:
- owned by unbound user
- allow only exec bit for others
/etc/unbound/unbound.conf file:
- owned by unbound user
- disallow access for others
unbound.spec | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/unbound.spec b/unbound.spec
index 7419bf9..abf4d4c 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -220,8 +220,8 @@ fi
%doc doc/{CREDITS,Changelog,FEATURES,LICENSE,README,TODO,control_proto_spec.txt,example.conf,ietf67-design-02.pdf,requirements.txt}
%attr(754,root,root) /etc/rc.d/init.d/unbound
%{systemdunitdir}/%{name}.service
-%dir %{_sysconfdir}/%{name}
-%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/unbound.conf
+%attr(751,unbound,root) %dir %{_sysconfdir}/%{name}
+%attr(640,unbound,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/unbound.conf
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/named.cache
%config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/icannbundle.pem
%attr(755,root,root) %{_sbindir}/unbound
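Review bot: Making `unbound` the owner in both new `%attr` lines gives the daemon's own account write access to `unbound.conf` and to the directory, so a compromised resolver process could rewrite its configuration or unlink and replace the `named.cache` and `icannbundle.pem` files next to it. If the daemon only needs to read these paths, root ownership with group read keeps them closed to others without granting that write access, e.g. `%attr(751,root,unbound) %dir %{_sysconfdir}/%{name}` and `%attr(640,root,unbound) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}/unbound.conf`, assuming the package creates an `unbound` group. If the directory has to stay writable for the daemon (for example for a trust anchor it updates at runtime, which this hunk does not show), a comment above these lines stating that reason would help. The `%files` section starts and ends outside the hunk.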
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/unbound.git/commitdiff/01400ded77f70aca94aaac1e7df3f4881600b3cb