Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow also 444 for security file mode #1117

Merged
merged 1 commit into from
Mar 16, 2017
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions sway/config.c
Original file line number Diff line number Diff line change
Expand Up @@ -547,8 +547,8 @@ bool load_main_config(const char *file, bool is_active) {
list_qsort(secconfigs, qstrcmp);
for (int i = 0; i < secconfigs->length; ++i) {
char *_path = secconfigs->items[i];
if (stat(_path, &s) || s.st_uid != 0 || s.st_gid != 0 || (s.st_mode & 0777) != 0644) {
sway_log(L_ERROR, "Refusing to load %s - it must be owned by root and mode 644", _path);
if (stat(_path, &s) || s.st_uid != 0 || s.st_gid != 0 || (((s.st_mode & 0777) != 0644) && (s.st_mode & 0777) != 0444)) {
sway_log(L_ERROR, "Refusing to load %s - it must be owned by root and mode 644 or 444", _path);
success = false;
} else {
success = success && load_config(_path, config);
Expand Down
2 changes: 1 addition & 1 deletion sway/sway-security.7.txt
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ you must make a few changes external to sway first.

Configuration of security features is limited to files in the security directory
(this is likely /etc/sway/security.d/*, but depends on your installation prefix).
Files in this directory must be owned by root:root and chmod 644. The default
Files in this directory must be owned by root:root and chmod 644 or 444. The default
security configuration is installed to /etc/sway/security.d/00-defaults, and
should not be modified - it will be updated with the latest recommended security
defaults between releases. To override the defaults, you should add more files to
Expand Down