Marcus, Actually, osc should not touch or change anything in the home directory, if the permissions of oscrc are not right, then it should just refuse to run and ask the user to change the permissions of .oscrc. Another thing I noticed is that it manipulates the user credentials, removes password entries and such without asking the user, which is really a bad behaviour IMO, such changes should be confirmed or done by the user. What is wrong with having a system level oscrc file? For example in /etc/oscrc? This is not less secure, since the the permissions of the file /etc can be set to prevent other's from reading it. Anas On 25 Feb 2011, at 11:18, Marcus Rueckert wrote:
On 2011-02-25 11:04:51 +0800, JF Ding wrote:
Hi all, As current code, osc/conf.py:722 os.chmod(conffile. 0600) the specified oscrc file, whether or not ~/.oscrc, should be writable for current user. But in some cases, users want to run osc as special user, e.g. nobody in some daemons, and there's no a proper place to store the writable oscrc. If osc can support global readonly oscrc for system wide configuration, the things can be easier.
it would be much easier if you create a home directory for your special users and suddenly all the logic would work again.
My question is: should osc support the readonly global oscrc? Is there any potential security issue?
the password is stored in the oscrc.
darix
-- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
-- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org