Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make the "configuration file ... may have insecure file permissions" warning configurable #1677

Closed
johanneskastl opened this issue Dec 6, 2024 · 4 comments · Fixed by #1685
Closed

Make the "configuration file ... may have insecure file permissions" warning configurable #1677

johanneskastl opened this issue Dec 6, 2024 · 4 comments · Fixed by #1685
Labels
Feature

Comments

@johanneskastl
Copy link

johanneskastl commented Dec 6, 2024
edited
Loading

Is your feature request related to a problem? Please describe.
On every osc command I issue, I get a warning that my configuration file may have insecure file permissions.

In my case, the file is a link, as it is being managed by home-manager. This means that the chmod 0600 is not successful.

But as I am sure that it does not contain sensitive information (I am using kwallet), I am annoyed by this warning. Can this be configured?

Describe the solution you'd like
I would like to make this warning configurable by having a new option inside the configuration file. Of course, this only works if the configuration file is being parsed before checking, which I guess it currently not the case.

Describe alternatives you've considered
I thought about sending a PR to change the detection to not error out if it finds a link. Or to check the directory's permissions instead, if a link is found.

But that sounds like it would not prevent bad things too happen, if someone uses a link AND has a password in the file.
@dmach
Copy link
Contributor

dmach commented Jan 2, 2025

@johanneskastl is it somehow possible to detect that the file is managed by home-manager?
Where does it point to?

@johanneskastl
Copy link
Author

@johanneskastl is it somehow possible to detect that the file is managed by home-manager? Where does it point to?

If the file is a link and is pointing to somewhere in /nix/store/, chances are high this is from home-manager. In my case, the link goes to /nix/store/m2iyn0hldpbmv6hpar6inrknwn5y7kqy-home-manager-files/.config/osc/oscrc (which in turn is a symlink pointing to the actual file inside the nix store).

I do not know if other dotfile management systems also use links, so maybe the warning can be made configurable? Even if the file is no link, if there are no passwords in them (when using keyring/kwallet/...), the permissions should not matter much?

@dmach dmach mentioned this issue Jan 6, 2025
Merged
@dmach
Copy link
Contributor

dmach commented Jan 6, 2025

@johanneskastl could you check if #1685 works for you?

@johanneskastl
Copy link
Author

@johanneskastl could you check if #1685 works for you?

Done, looks good to me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Mute oscrc permissions warning when there's no password set dmach/osc
2 participants
@dmach @johanneskastl