[SOLVED] World-readable permissions on config.xml

Moderators: Site Moderators, FAHC Science Team

Post Reply
ajgringo619
Posts: 23
Joined: Fri Feb 14, 2020 5:14 am

[SOLVED] World-readable permissions on config.xml

Post by ajgringo619 »

Is it necessary to have world-readable (644) permissions on /etc/foldingathome/config.xml? Curious why this is the default when passwords/keys are stored there.
Last edited by ajgringo619 on Tue Jan 18, 2022 2:07 am, edited 1 time in total.
Image
calxalot
Site Moderator
Posts: 1115
Joined: Sat Dec 08, 2007 1:33 am
Location: San Francisco, CA
Contact:

Re: World-readable permissions on config.xml

Post by calxalot »

It can be 0600 if you like.
ajgringo619
Posts: 23
Joined: Fri Feb 14, 2020 5:14 am

Re: World-readable permissions on config.xml

Post by ajgringo619 »

calxalot wrote:It can be 0600 if you like.
Thanks; didn't want to mess anything up when it's working so well.
Image
ajgringo619
Posts: 23
Joined: Fri Feb 14, 2020 5:14 am

Re: World-readable permissions on config.xml

Post by ajgringo619 »

To make the change permanent, I had to add this to the foldingathome.service file:

Code: Select all

# /etc/systemd/system/foldingathome.service.d/override.conf
[Service]
ExecStartPre=!/usr/bin/chmod 600 /etc/foldingathome/config.xml
Image
calxalot
Site Moderator
Posts: 1115
Joined: Sat Dec 08, 2007 1:33 am
Location: San Francisco, CA
Contact:

Re: World-readable permissions on config.xml

Post by calxalot »

You might want to change the umask for user fahclient
ajgringo619
Posts: 23
Joined: Fri Feb 14, 2020 5:14 am

Re: World-readable permissions on config.xml

Post by ajgringo619 »

calxalot wrote:You might want to change the umask for user fahclient
Not sure how to do this with a dynamic user, but thanks for the suggestion. My chmod command worked, but it went right back to normal after the next WU was started.
Image
calxalot
Site Moderator
Posts: 1115
Joined: Sat Dec 08, 2007 1:33 am
Location: San Francisco, CA
Contact:

Re: World-readable permissions on config.xml

Post by calxalot »

I think you can add
UMask=0077
in your FAHClient.service
ajgringo619
Posts: 23
Joined: Fri Feb 14, 2020 5:14 am

Re: World-readable permissions on config.xml

Post by ajgringo619 »

Thank you so much - that did the trick!
Image
Post Reply