This repository has been archived by the owner on Jun 12, 2020. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Only set capability cap_dac_read_search+ep when "others" have no exec…
…ute permission In PR #42 we talked about that it should be possible to to allow all users to run the restic binary. It was objected by @TheLastProject that the capability cap_dac_read_search is set and that would give ANY user read access to ANY file. To prevent that, the capability should only be set if "other" users have no execute permission on the restic binary. But on the the other hand, if a restic_group other than 'root' is set, we need the capability, so setting it in that case.
- Loading branch information