-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix config permissions #90
Conversation
Is there a specific error message happening to tell you this? We may want to cover this via testing if possible. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems like a reasonable change. I'd prefer to have a little test coverage to ensure the permissions are set correctly to avoid this regression in the future.
So reloading configuration via #89 outlines the error experienced |
This is awaiting #92 |
The default permissions were too strict. We didn't want the config files writeable by PowerDNS becuase it's not necessary for operation but they need to be readable x.x This splits the difference by not making them world readable but making the pdns user the group. This might be a touch too far and we may want to 644 and make the user and group that set by the resource. Feedback welcome. Signed-off-by: David Aronsohn <WagThatTail@Me.com>
4e901a4
to
b9a5c7b
Compare
@mengesb What command exactly were you running? reload-zones I assume from your error message? I would like to write some regression tests |
Yeah my first command was |
testing If you want to test your handling of |
for server; it's pdnsutil |
Failure:
Success:
output it to STDOUT in all cases; exit's 0 all the time I'll have to get you pdnsutil output later |
Signed-off-by: David Aronsohn <WagThatTail@Me.com>
w00t!
…On Mar 8, 2018 14:22, "David Aronsohn" ***@***.***> wrote:
Merged #90 <#90>.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#90 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ABUHF5YBX1LewiN-fvdACisi71Gq6MF3ks5tca8TgaJpZM4SZFXd>
.
|
The default permissions were too strict. We didn't want the config files writeable by PowerDNS because it's not necessary for operation, but they need to be readable x.x
This PR splits the difference by not making the files world readable but making them the group set by the resource.
This might be a touch too far, and we may want to 644 and make the user and group that set the resource.
Feedback welcome.
Fixes: #89