config: add unsafe-accounts-conf option
This adds the option "unsafe-accounts-conf" under the section [general] of aerc.conf. This allows an user to specify if the accounts.conf file must be restrict to be read by the file owner (0600). By default it is set to "false". Signed-off-by: Victor Freire <victor@freire.dev.br> Acked-by: Robin Jarry <robin@jarry.cc>
This commit is contained in:
parent
f21916ce0a
commit
8db09d2c73
3 changed files with 32 additions and 6 deletions
|
@ -1,6 +1,16 @@
|
||||||
#
|
#
|
||||||
# aerc main configuration
|
# aerc main configuration
|
||||||
|
|
||||||
|
[general]
|
||||||
|
#
|
||||||
|
# By default, the file permissions of accounts.conf must be restrictive and
|
||||||
|
# only allow reading by the file owner (0600). Set this option to true to
|
||||||
|
# ignore this permission check. Use this with care as it may expose your
|
||||||
|
# credentials.
|
||||||
|
#
|
||||||
|
# Default: false
|
||||||
|
unsafe-accounts-conf=false
|
||||||
|
|
||||||
[ui]
|
[ui]
|
||||||
#
|
#
|
||||||
# Describes the format for each row in a mailbox view. This field is compatible
|
# Describes the format for each row in a mailbox view. This field is compatible
|
||||||
|
|
|
@ -26,7 +26,8 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
type GeneralConfig struct {
|
type GeneralConfig struct {
|
||||||
DefaultSavePath string `ini:"default-save-path"`
|
DefaultSavePath string `ini:"default-save-path"`
|
||||||
|
UnsafeAccountsConf bool `ini:"unsafe-accounts-conf"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type UIConfig struct {
|
type UIConfig struct {
|
||||||
|
@ -583,11 +584,7 @@ func LoadConfigFromFile(root *string, logger *log.Logger) (*AercConfig, error) {
|
||||||
_root := path.Join(xdg.ConfigHome(), "aerc")
|
_root := path.Join(xdg.ConfigHome(), "aerc")
|
||||||
root = &_root
|
root = &_root
|
||||||
}
|
}
|
||||||
filename := path.Join(*root, "accounts.conf")
|
filename := path.Join(*root, "aerc.conf")
|
||||||
if err := checkConfigPerms(filename); err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
filename = path.Join(*root, "aerc.conf")
|
|
||||||
|
|
||||||
// if it doesn't exist copy over the template, then load
|
// if it doesn't exist copy over the template, then load
|
||||||
if _, err := os.Stat(filename); errors.Is(err, os.ErrNotExist) {
|
if _, err := os.Stat(filename); errors.Is(err, os.ErrNotExist) {
|
||||||
|
@ -620,6 +617,10 @@ func LoadConfigFromFile(root *string, logger *log.Logger) (*AercConfig, error) {
|
||||||
|
|
||||||
Ini: file,
|
Ini: file,
|
||||||
|
|
||||||
|
General: GeneralConfig{
|
||||||
|
UnsafeAccountsConf: false,
|
||||||
|
},
|
||||||
|
|
||||||
Ui: UIConfig{
|
Ui: UIConfig{
|
||||||
IndexFormat: "%D %-17.17n %s",
|
IndexFormat: "%D %-17.17n %s",
|
||||||
TimestampFormat: "2006-01-02 03:04 PM",
|
TimestampFormat: "2006-01-02 03:04 PM",
|
||||||
|
@ -705,6 +706,13 @@ func LoadConfigFromFile(root *string, logger *log.Logger) (*AercConfig, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
filename = path.Join(*root, "accounts.conf")
|
||||||
|
if !config.General.UnsafeAccountsConf {
|
||||||
|
if err := checkConfigPerms(filename); err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
accountsPath := path.Join(*root, "accounts.conf")
|
accountsPath := path.Join(*root, "accounts.conf")
|
||||||
if accounts, err := loadAccountConfig(accountsPath); err != nil {
|
if accounts, err := loadAccountConfig(accountsPath); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
|
@ -30,6 +30,14 @@ These options are configured in the *[general]* section of aerc.conf.
|
||||||
*default-save-path*
|
*default-save-path*
|
||||||
Used as a default path for save operations if no other path is specified.
|
Used as a default path for save operations if no other path is specified.
|
||||||
|
|
||||||
|
*unsafe-accounts-conf*
|
||||||
|
By default, the file permissions of accounts.conf must be restrictive
|
||||||
|
and only allow reading by the file owner (_0600_). Set this option to
|
||||||
|
*true* to ignore this permission check. Use this with care as it may
|
||||||
|
expose your credentials.
|
||||||
|
|
||||||
|
Default: false
|
||||||
|
|
||||||
## UI OPTIONS
|
## UI OPTIONS
|
||||||
|
|
||||||
These options are configured in the *[ui]* section of aerc.conf.
|
These options are configured in the *[ui]* section of aerc.conf.
|
||||||
|
|
Loading…
Reference in a new issue