Revert "ease file-permissions, they sometimes cause issues"

This reverts commit 5ead5e9c90. part of this commit is reverted as most files shouldn't be world readable
2015-10-08 00:32:13 +02:00
parent 2b8a9a74be
commit 9d45f4d534
6 changed files with 93 additions and 93 deletions
--- a/lib/configfiles/rhel_centos.xml
+++ b/lib/configfiles/rhel_centos.xml
@@ -78,7 +78,7 @@
 					</commands>
 					<files index="0">
 						<file name="/etc/postfix/mysql-virtual_alias_maps.cf" chown="root:postfix"
-							chmod="0644">
+							chmod="0640">
 							<content><![CDATA[
 user = <SQL_UNPRIVILEGED_USER>
 password = <SQL_UNPRIVILEGED_PASSWORD>
@@ -89,7 +89,7 @@ query = SELECT destination FROM mail_virtual WHERE email = '%s' AND trim(destina
 							</content>
 						</file>
 						<file name="/etc/postfix/mysql-virtual_mailbox_domains.cf"
-							chown="root:postfix" chmod="0644">
+							chown="root:postfix" chmod="0640">
 							<content><![CDATA[
 user = <SQL_UNPRIVILEGED_USER>
 password = <SQL_UNPRIVILEGED_PASSWORD>
@@ -100,7 +100,7 @@ query = SELECT domain FROM panel_domains WHERE domain = '%s' AND isemaildomain =
 							</content>
 						</file>
 						<file name="/etc/postfix/mysql-virtual_mailbox_maps.cf"
-							chown="root:postfix" chmod="0644">
+							chown="root:postfix" chmod="0640">
 							<content><![CDATA[
 user = <SQL_UNPRIVILEGED_USER>
 password = <SQL_UNPRIVILEGED_PASSWORD>
@@ -112,7 +112,7 @@ query = SELECT CONCAT(homedir,maildir) FROM mail_users WHERE email = '%s'
 							</content>
 						</file>
 						<file name="/etc/postfix/mysql-virtual_sender_permissions.cf"
-							chown="root:postfix" chmod="0644">
+							chown="root:postfix" chmod="0640">
 							<content><![CDATA[
 user = <SQL_UNPRIVILEGED_USER>
 password = <SQL_UNPRIVILEGED_PASSWORD>
@@ -123,7 +123,7 @@ query = SELECT DISTINCT username FROM mail_users WHERE email in ((SELECT mail_vi
 							</content>
 						</file>
 						<file name="/etc/postfix/mysql-virtual_uid_maps.cf" chown="root:postfix"
-							chmod="0644">
+							chmod="0640">
 							<content><![CDATA[
 user = <SQL_UNPRIVILEGED_USER>
 password = <SQL_UNPRIVILEGED_PASSWORD>
@@ -135,7 +135,7 @@ query = SELECT uid FROM mail_users WHERE email = '%s'
 							</content>
 						</file>
 						<file name="/etc/postfix/mysql-virtual_gid_maps.cf" chown="root:postfix"
-							chmod="0644">
+							chmod="0640">
 							<content><![CDATA[
 user = <SQL_UNPRIVILEGED_USER>
 password = <SQL_UNPRIVILEGED_PASSWORD>
@@ -1658,7 +1658,7 @@ plugin {
 						</content>
 					</file>
 					<file name="/etc/dovecot/dovecot-sql.conf.ext" chown="root:0"
-						chmod="0644">
+						chmod="0640">
 						<content><![CDATA[
 # This file is opened as root, so it should be owned by root and mode 0600.
 #
@@ -1813,7 +1813,7 @@ iterate_query = SELECT username AS user FROM mail_users
 				<!-- Proftpd -->
 				<daemon name="proftpd" version="1.3" title="ProFTPd" default="true">
 					<install><![CDATA[yum install proftpd proftpd-mysql]]></install>
-					<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0644"
+					<file name="/etc/proftpd/proftpd.conf" chown="root:0" chmod="0600"
 						backup="true">
 						<content><![CDATA[
 # This is the ProFTPD configuration file
@@ -2275,7 +2275,7 @@ ControlsLog			/var/log/proftpd/controls.log
 			<service type="system" title="{{lng.admin.configfiles.etc}}">
 				<!-- Cronjob -->
 				<daemon name="cron" title="Cronjob for froxlor" mandatory="true">
-					<file name="/etc/cron.d/froxlor" chown="root:0" chmod="0644">
+					<file name="/etc/cron.d/froxlor" chown="root:0" chmod="0640">
 						<content><![CDATA[
 #
 # Set PATH, otherwise restart-scripts won't find start-stop-daemon
@@ -2302,7 +2302,7 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin
 				<daemon name="libnss" title="libnss-mysql (required for FCGID/php-fpm/mpm-itk)">
 					<install><![CDATA[yum --enablerepo=extras install epel-release]]></install>
 					<install><![CDATA[yum install libnss-mysql nscd]]></install>
-					<file name="/etc/libnss-mysql.cfg" chown="root:root" chmod="0644"
+					<file name="/etc/libnss-mysql.cfg" chown="root:root" chmod="0600"
 						backup="true">
 						<content><![CDATA[
 getpwnam    SELECT username,'x',uid,gid,'Froxlor Customer',homedir,shell \
@@ -2360,7 +2360,7 @@ password	<SQL_UNPRIVILEGED_PASSWORD>
 						<command><![CDATA[sed -i.bak 's|^\\(socket\\).*$|\\1\\"{{sql.socket}}\\"|' /etc/libnss-mysql.cfg]]></command>
 					</commands>
 					<file name="/etc/libnss-mysql-root.cfg" chown="root:root"
-						chmod="0644" backup="true">
+						chmod="0600" backup="true">
 						<content><![CDATA[
 username	<SQL_UNPRIVILEGED_USER>
 password	<SQL_UNPRIVILEGED_PASSWORD>