On Wed, 10 Apr 2013 22:51, Cristian Rodríguez
El 10/04/13 14:57, Stephan Kulow escribió:
Hi,
There seem to be different concepts what permissions and owner /srv/tftpboot should have. Can we agree on something? :)
found conflict of atftp-0.7.0-156.1.x86_64 with kiwi-pxeboot-5.05.7-582.1.noarch: - /srv/tftpboot [mode mismatch: d750 tftp:tftp, d755 root:root] found conflict of dnsmasq-2.65-5.1.x86_64 with kiwi-pxeboot-5.05.7-582.1.noarch: - /srv/tftpboot [mode mismatch: d750 root:tftp, d755 root:root] found conflict of kiwi-pxeboot-5.05.7-582.1.noarch with tftp-5.2-5.1.x86_64: - /srv/tftpboot [mode mismatch: d755 root:root, d750 root:tftp]
Greetings, Stephan
root:root and we drop any capability or limit access via systemd units.
Well, either "d755 root:root": everybody on the machine can read the dir, or "d750 root:tftp": tftp can read, others not, that way closes some avenues of risks. IMHO, from the sec. aspect, "d750 root:tftp" should be prefered. - Yamaban