From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/2201
Path: news.gmane.org!not-for-mail
From: Charlie Brady <charlieb-supervision@budge.apana.org.au>
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: Re: Default permissions on supervise/ok
Date: Mon, 20 May 2013 20:47:37 -0400 (EDT)
Message-ID: <Pine.LNX.4.64.1305202043210.13324@e-smith.charlieb.ott.istop.com>
References: <20130520235258.GA9770@frap.net>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Trace: ger.gmane.org 1369097262 24869 80.91.229.3 (21 May 2013 00:47:42 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Tue, 21 May 2013 00:47:42 +0000 (UTC)
Cc: supervision@list.skarnet.org
To: eam@frap.net
Original-X-From: supervision-return-2435-gcsg-supervision=m.gmane.org@list.skarnet.org Tue May 21 02:47:42 2013
Return-path: <supervision-return-2435-gcsg-supervision=m.gmane.org@list.skarnet.org>
Envelope-to: gcsg-supervision@plane.gmane.org
Original-Received: from antah.skarnet.org ([212.85.147.14])
	by plane.gmane.org with smtp (Exim 4.69)
	(envelope-from <supervision-return-2435-gcsg-supervision=m.gmane.org@list.skarnet.org>)
	id 1Ueajr-0006ud-LT
	for gcsg-supervision@plane.gmane.org; Tue, 21 May 2013 02:47:39 +0200
Original-Received: (qmail 4892 invoked by uid 76); 20 May 2013 23:40:33 -0000
Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm
List-Post: <mailto:supervision@list.skarnet.org>
List-Help: <mailto:supervision-help@list.skarnet.org>
List-Unsubscribe: <mailto:supervision-unsubscribe@list.skarnet.org>
List-Subscribe: <mailto:supervision-subscribe@list.skarnet.org>
List-Archive: <http://www.skarnet.org/lists/>
Original-Received: (qmail 4883 invoked from network); 20 May 2013 23:40:32 -0000
X-X-Sender: charlieb@e-smith.charlieb.ott.istop.com
In-Reply-To: <20130520235258.GA9770@frap.net>
Xref: news.gmane.org gmane.comp.sysutils.supervision.general:2201
Archived-At: <http://permalink.gmane.org/gmane.comp.sysutils.supervision.general/2201>


On Mon, 20 May 2013, eam@frap.net wrote:

> I'd like to allow any user to access supervise/ok, in order to run
> `sv stat`, but not to access supervise/control. My understanding is that
> this is safe, as supervise/ok is a read-only interface. Is this accurate,
> and is this a reasonable idea? Anything I should be warned about? Am I
> overlooking anything important?
> 
> chmod 755 supervise
> chmod 666 supervise/ok

Why wouldn't you use 644 for supervise/ok? Remember that you have no 
guarantee that Joe User will use 'sv' to access the file.