
Commit 504cfcf

committed
rspamd: set permissions on files containing passwords
1 parent 1b0fea4 commit 504cfcf


2 files changed

+8
-1
lines changed


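--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -1914,8 +1914,10 @@ public function configure_rspamd() {
 rename("/etc/rspamd/local.d/greylist.conf", "/etc/rspamd/local.d/greylist.old");
 }
 
-
 exec('chmod a+r /etc/rspamd/local.d/* /etc/rspamd/local.d/maps.d/* /etc/rspamd/override.d/*');
+# protect passwords in these files
+exec('chgrp _rspamd /etc/rspamd/local.d/redis.conf /etc/rspamd/local.d/classifier-bayes.conf /etc/rspamd/local.d/worker-controller.inc');
+exec('chmod 640 /etc/rspamd/local.d/redis.conf /etc/rspamd/local.d/classifier-bayes.conf /etc/rspamd/local.d/worker-controller.inc');
 
 # unneccesary, since this was done above?
 $command = 'usermod -a -G amavis _rspamd';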
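Review bot: Neither new `exec()` call in `configure_rspamd()` checks its exit status, and the `chmod a+r` glob on the line above has just made these three files world-readable, so a failed `chmod 640` leaves the passwords exposed without any signal. A failed `chgrp` followed by a successful `chmod 640` has the opposite effect: the files keep their previous group, and rspamd may no longer be able to read them if that group is not `_rspamd`. Pass the output and result-code arguments, e.g. `exec($cmd, $out, $rc);` followed by `if ($rc !== 0) { /* report and stop */ }`; the same applies to the two calls added in `server_update()` in rspamd_plugin.inc.php. Even on success there is a short window between the `a+r` and the `chmod 640` in which every local user can read the files, and excluding them from the glob would close it. The body of `configure_rspamd()` starts and ends outside the hunk.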

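--- a/server/plugins-available/rspamd_plugin.inc.php
+++ b/server/plugins-available/rspamd_plugin.inc.php
@@ -536,6 +536,11 @@ function server_update($event_name, $data) {
 $app->services->restartServiceDelayed('rspamd', 'reload');
 }
 }
+
+# protect passwords in these files
+exec('chgrp _rspamd /etc/rspamd/local.d/redis.conf /etc/rspamd/local.d/classifier-bayes.conf /etc/rspamd/local.d/worker-controller.inc');
+exec('chmod 640 /etc/rspamd/local.d/redis.conf /etc/rspamd/local.d/classifier-bayes.conf /etc/rspamd/local.d/worker-controller.inc');
+
 }
 
 private function _is_valid_ip_address($ip) {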
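Review bot: The list of three password-bearing paths is now written out four times, twice here at the end of `server_update()` and twice in `configure_rspamd()` in installer_base.lib.php, so a file added later has to be remembered in every copy or it stays world-readable after the installer's `chmod a+r`. A single array of paths, each passed through `escapeshellarg()` when the command is built, would keep the installer and the plugin in step. The comment could also say why this group and mode were chosen, e.g. `# rspamd reads these via group _rspamd; no access for other local users`. `server_update()` begins outside the hunk, so whether these lines are reached on a server where the files do not exist cannot be seen here.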
