theforeman / foreman-operations-collection

Ansible collection for management of Foreman servers
GNU General Public License v3.0

don't mark proxy.conf systemd drop-in world-inaccessible #123

Closed evgeni closed 1 year ago

evgeni commented 1 year ago

there is no benefit and systemd warns about this:

systemd[1]: Configuration file /etc/systemd/system/rhcd.service.d/proxy.conf is marked world-inaccessible.
This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.

evgeni commented 1 year ago

FileNotFoundError: [Errno 2] No such file or directory: '/var/cache/dnf/download_lock.pid'

what fresh hell is this now?!

ehelms commented 1 year ago

Huh, why does systemd care about my drop-in file permissions? What if I need to put information in that file that I don't want everyone on the system to be able to read?

evgeni commented 1 year ago

That's exactly the point. Everyone can read it, regardless of permissions, by using systemctl cat rhcd.service. So there is no protection whatsoever by the file permissions and thus one should not use any that make people think non-root can't read it.

ehelms commented 1 year ago

> That's exactly the point. Everyone can read it, regardless of permissions, by using systemctl cat rhcd.service. So there is no protection whatsoever by the file permissions and thus one should not use any that make people think non-root can't read it.

:facepalm:
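
An audit for the situation discussed in this thread, as an added example that is not part of the PR or the collection's code: it lists systemd drop-ins whose mode grants nothing to "other", which are the files that give a false impression of confidentiality. Assumptions: "world-inaccessible" is taken to mean no "other" permission bits are set, only the system manager's unit directories are scanned, and the tree built in `demo()` is constructed sample data.

```python
import os
import stat
import tempfile
from pathlib import Path

# System unit search paths (assumption: only the system manager is audited).
UNIT_DIRS = ("/etc/systemd/system", "/run/systemd/system", "/usr/lib/systemd/system")


def world_inaccessible_dropins(unit_dirs=UNIT_DIRS):
    """Return sorted (path, octal mode) pairs for drop-ins with no 'other' bits set."""
    findings = []
    for base in unit_dirs:
        for root, _dirs, files in os.walk(base):
            if not root.endswith(".d"):
                continue  # only <unit>.d/ drop-in directories
            for name in files:
                if not name.endswith(".conf"):
                    continue
                path = os.path.join(root, name)
                try:
                    st = os.stat(path)
                except OSError:
                    continue  # dangling symlink or file removed mid-scan
                if stat.S_ISREG(st.st_mode) and not st.st_mode & stat.S_IRWXO:
                    findings.append((path, format(stat.S_IMODE(st.st_mode), "04o")))
    return sorted(findings)


def demo():
    """Build a constructed tree and return findings relative to its root."""
    with tempfile.TemporaryDirectory() as tmp:
        for unit, mode in (("rhcd.service.d", 0o640), ("other.service.d", 0o644)):
            dropin = Path(tmp, unit, "proxy.conf")
            dropin.parent.mkdir()
            dropin.write_text("[Service]\nEnvironment=EXAMPLE=constructed\n")
            dropin.chmod(mode)
        return [(os.path.relpath(p, tmp), m) for p, m in world_inaccessible_dropins([tmp])]


if __name__ == "__main__":
    for path, mode in world_inaccessible_dropins():
        print(f"{mode} {path}: mode hides nothing, 'systemctl cat' shows the content")
```

Any drop-in this reports should be treated as readable by every local user; values that must stay private need to live outside the unit configuration.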