From 031139baecea9254dd287ebcde97f9a35bc9bf47 Mon Sep 17 00:00:00 2001
From: Klaus Ethgen <Klaus@Ethgen.de>
Date: Sun, 7 Apr 2013 00:04:57 +0100
Subject: [PATCH] Fix a problem with security relevant file rights

The file /etc/nullmailer/remotes is a file where also password could be
configured. Therefore the original file is owned by mail and only
readable by user mail.

If there is a global setting for owner and mode as defaults for file as
it is very common, this would leak the data to the world. Setting that
explicit for the file fixes this issue.
---
 manifests/config.pp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/manifests/config.pp b/manifests/config.pp
index 204ccf3..0c38683 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -14,6 +14,9 @@
     content => "$nullmailer::remoterelay smtp $nullmailer::remoteopts\n",
     require => Class['nullmailer::package'],
     notify  => Class['nullmailer::service'],
+    owner   => 'mail',
+    group   => 'mail',
+    mode    => 0600,
   }
 
   if ($nullmailer::adminaddr == '') {