[Bug 551765] Review Request: prosody - Flexible communications server for Jabber/XMPP
bugzilla at redhat.com
bugzilla at redhat.com
Thu Sep 9 20:38:23 UTC 2010
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=551765
--- Comment #9 from Matthias Saou <matthias at rpmforge.net> 2010-09-09 16:38:22 EDT ---
About the /var/lib/prosody : If you test on EL-5 you'll see what I mean. The
macro you use creates and owns /usr/com/prosody there instead, so things fail.
You'll also notice that _initddir doesn't exist, you might want to change to
_sysconfdir/init.d or similar.
Another issue (I find them while moving forward) : The crt and key files are
mode 644, which means that any user of the machine can get them. Bad. I suggest
you include them as 600 which then requires them to be readable by the
"prosody" user. You can either/also change /etc/prosody/certs to be mode 700,
and/or /etc/prosody too.
I'm unsure as if there is a strict policy about key and crt files, but another
option would be to put them in /etc/pki/tls/{certs,private}/ with all the other
files and make them mode 600 and owned by "prosody".
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the package-review
mailing list