On Wed, 15 Apr 2020 08:51:35 +0200 Landry Breuil wrote:
> On Wed, Apr 15, 2020 at 08:11:09AM +0200, Martin Reindl wrote:
> > On Tue, Apr 14, 2020 at 04:51:38PM +0200, Martin Reindl wrote:
> > > On 14.04.20 at 16:21, Stuart Henderson wrote:
> > > > On 2020/04/14 15:59, Eric Elena wrote:
> > > >> On Tue, 14 Apr 2020 14:38:37 +0100 Stuart Henderson wrote:
> > > >>> On 2020/04/14 14:28, Kevin Chadwick wrote:
> > > >>>> On 2020-04-14 14:15, Stuart Henderson wrote:
> > > >>>>> my 2p: setting the directory 750 is a pain for tab completion,
> > > >>>>> so if this is changed I think it would be better to set permissions on
> > > >>>>> the sensitive files only.
> > > >>>>
> > > >>>> AFAIK /etc/grafana/config.ini is the only sensitive config file. Though I have
> > > >>>> seen various other names for the configuration file in documentation. The db dir
> > > >>>> is already secured.
> > > >>>>
> > > >>>
> > > >>> ldap.toml too.
> > > >>
> > > >> I have a diff with stricter permissions for the directories and the 
> > > >> files. I wanted to send it with an update of loki that is taking more 
> > > >> time than expected. Note that for people who have modified their 
> > > >> config.ini: they will have to adjust the permissions.
> > > > 
> > > > my 2p: setting the directory 750 is a pain for tab completion,
> > > > so if this is changed I think it would be better to set permissions on
> > > > the sensitive files only.
> > > > 
> > > 
> > > I agree with Stuart here. So with my previous diff, it should be enough
> > > to move the config.ini line to the end of the PLIST.
> > 
> > Like this, OK?
> 
> I'm not sure this will achieve what you want..
> 
> 
> >  share/examples/grafana/sample.ini
> > -@sample ${SYSCONFDIR}/grafana/config.ini
> 
> <snip>
> 
> >  @group _grafana
> >  @sample /var/grafana/
> >  @sample /var/log/grafana/
> > +@sample ${SYSCONFDIR}/grafana/config.ini
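Review bot: The added `@sample ${SYSCONFDIR}/grafana/config.ini` at the end of this hunk no longer directly follows `share/examples/grafana/sample.ini`, so it has no adjacent file entry to copy from. It also sits under `@group _grafana` only, with no `@mode` or `@owner` visible in the hunk, so the mode of config.ini is not tightened here. Suggest keeping the `@sample` line immediately after the sample.ini entry and setting mode, owner and group around that pair, resetting them afterwards.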
> 
> from my experience and understanding, @sample works in conjunction with
> the previous entry for files:
> 
>      @sample filename
>              Last preceding @file item is a sample configuration file, to be
>              copied to filename at pkg_add(1) time and to be removed at
>              pkg_delete(1) time.
> 
> adding the @sample at the end of PLIST, I dunno what it will refer to,
> but surely not share/examples/grafana/sample.ini
> 
> so if you want to change perms/ownership on the sample.ini file, I
> think you need something like
> 
> share/examples/grafana/sample.ini
> @mode 0640
> @owner _grafana
> @group _grafana
> @sample ${SYSCONFDIR}/grafana/config.ini
> @mode
> @owner
> @group

I'm not sure why my mail didn't reach the list yesterday. Anyway here
is a diff that sets permissions to 0755 on directories and 0640 on
configuration files.

Attachment: grafana-6.7.2
Description: Unix manual page
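
Added example, not part of the thread or of the grafana port: a simplified model of the packing-list rules discussed above, reporting for each `@sample` which preceding file it copies from and which `@mode`/`@owner`/`@group` are in effect. The function name, the `bin/grafana-server` entry and both PLIST fragments are constructed for illustration; treating an unset mode as "not restricted" is an assumption of this sketch.

```python
# Constructed PLIST fragments: the layout suggested in the thread, and the
# variant where the @sample line was moved to the end of the list.
FIXED = """\
share/examples/grafana/sample.ini
@mode 0640
@owner _grafana
@group _grafana
@sample ${SYSCONFDIR}/grafana/config.ini
@mode
@owner
@group
"""
MOVED = """\
share/examples/grafana/sample.ini
bin/grafana-server
@group _grafana
@sample /var/grafana/
@sample /var/log/grafana/
@sample ${SYSCONFDIR}/grafana/config.ini
"""

def audit_samples(plist_text, sysconfdir="/etc"):
    """Return one record per @sample: target, source file, effective perms."""
    state = {"mode": None, "owner": None, "group": None}
    last_file = None          # last plain (implicit @file) entry seen so far
    records = []
    for raw in plist_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("@"):
            last_file = line  # a bare path is a file entry
            continue
        keyword, _, arg = line.partition(" ")
        arg = arg.strip().replace("${SYSCONFDIR}", sysconfdir)
        key = keyword[1:]
        if key in state:
            state[key] = arg or None      # bare keyword resets to the default
        elif key == "sample":
            is_dir = arg.endswith("/")    # trailing slash: sample directory
            mode = state["mode"]
            # restricted = an explicit mode with no bits set for "other"
            restricted = mode is not None and int(mode, 8) & 0o007 == 0
            records.append({"target": arg, "restricted": restricted,
                            "source": None if is_dir else last_file, **state})
    return records

if __name__ == "__main__":
    for name, text in (("fixed", FIXED), ("moved", MOVED)):
        for rec in audit_samples(text):
            print(name, rec)
```
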
