launchpad-reviewers team mailing list archive

[Colin Watson <cjwatson@xxxxxxxxxxxxx>]

Colin Watson has proposed merging lp:~cjwatson/charms/precise/squid-forwardproxy/umask into lp:~canonical-launchpad-branches/charms/precise/squid-forwardproxy/trunk.

Commit message:
Allow specifying a umask other than squid's default of 027.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~cjwatson/charms/precise/squid-forwardproxy/umask/+merge/299135

Allow specifying a umask other than squid's default of 027.

The default umask is reasonable in many environments, but in the case where the system's main purpose is squid and anyone who has access to the system at all ought to be able to read its logs, it just makes things unnecessarily awkward.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~cjwatson/charms/precise/squid-forwardproxy/umask into lp:~canonical-launchpad-branches/charms/precise/squid-forwardproxy/trunk.

=== modified file 'config.yaml'
--- config.yaml	2016-03-30 14:11:35 +0000
+++ config.yaml	2016-07-05 11:28:09 +0000
@@ -94,3 +94,8 @@
       '[{dstdomain: [www.ubuntu.com], src: [1.2.3.4, 5.6.7.0/24]}, {"!port": [80], http_access: deny}, {url_regex: ["https?://[^/]+[.]internal(/.*)?"], src: [192.168.0.0/16]}]'
       NOTE: you can use the following oneliner to verify your YAML string:
             python -c 'import yaml;import sys;print yaml.dump(yaml.load(sys.argv[1]))' '<string>'
+  umask:
+    type: string
+    default: '027'
+    description: >
+      Minimum umask which should be enforced while the proxy is running.

=== modified file 'templates/main_config.template'
--- templates/main_config.template	2015-09-28 02:42:41 +0000
+++ templates/main_config.template	2016-07-05 11:28:09 +0000
@@ -19,6 +19,8 @@
 snmp_incoming_address {{ config.my_ip_address }}
 {% endif %}
 
+umask {{ config.umask }}
+
 logformat combined {{ config.log_format }}
 access_log /var/log/squid3/access.log combined