diff options
| author | Victor Freire <victor@freire.dev.br> | 2022-04-19 16:14:46 -0300 |
|---|---|---|
| committer | Robin Jarry <robin@jarry.cc> | 2022-04-25 12:06:09 +0200 |
| commit | 8db09d2c73e5110064c4862e041021f552609018 (patch) | |
| tree | f6acf3807d0fe3781c675020d98ecf29fdda6e8c | |
| parent | f21916ce0a436e00e3c9d8eaf0d89c3b29a424b6 (diff) | |
| download | aerc-8db09d2c73e5110064c4862e041021f552609018.tar.gz aerc-8db09d2c73e5110064c4862e041021f552609018.zip | |
config: add unsafe-accounts-conf option
This adds the option "unsafe-accounts-conf" under the section [general]
of aerc.conf. This allows an user to specify if the accounts.conf file
must be restrict to be read by the file owner (0600).
By default it is set to "false".
Signed-off-by: Victor Freire <victor@freire.dev.br>
Acked-by: Robin Jarry <robin@jarry.cc>
| -rw-r--r-- | config/aerc.conf | 10 | ||||
| -rw-r--r-- | config/config.go | 20 | ||||
| -rw-r--r-- | doc/aerc-config.5.scd | 8 |
3 files changed, 32 insertions, 6 deletions
diff --git a/config/aerc.conf b/config/aerc.conf index 458f6359..00c6c499 100644 --- a/config/aerc.conf +++ b/config/aerc.conf @@ -1,6 +1,16 @@ # # aerc main configuration +[general] +# +# By default, the file permissions of accounts.conf must be restrictive and +# only allow reading by the file owner (0600). Set this option to true to +# ignore this permission check. Use this with care as it may expose your +# credentials. +# +# Default: false +unsafe-accounts-conf=false + [ui] # # Describes the format for each row in a mailbox view. This field is compatible diff --git a/config/config.go b/config/config.go index 8eeea100..048dd238 100644 --- a/config/config.go +++ b/config/config.go @@ -26,7 +26,8 @@ import ( ) type GeneralConfig struct { - DefaultSavePath string `ini:"default-save-path"` + DefaultSavePath string `ini:"default-save-path"` + UnsafeAccountsConf bool `ini:"unsafe-accounts-conf"` } type UIConfig struct { @@ -583,11 +584,7 @@ func LoadConfigFromFile(root *string, logger *log.Logger) (*AercConfig, error) { _root := path.Join(xdg.ConfigHome(), "aerc") root = &_root } - filename := path.Join(*root, "accounts.conf") - if err := checkConfigPerms(filename); err != nil { - return nil, err - } - filename = path.Join(*root, "aerc.conf") + filename := path.Join(*root, "aerc.conf") // if it doesn't exist copy over the template, then load if _, err := os.Stat(filename); errors.Is(err, os.ErrNotExist) { @@ -620,6 +617,10 @@ func LoadConfigFromFile(root *string, logger *log.Logger) (*AercConfig, error) { Ini: file, + General: GeneralConfig{ + UnsafeAccountsConf: false, + }, + Ui: UIConfig{ IndexFormat: "%D %-17.17n %s", TimestampFormat: "2006-01-02 03:04 PM", @@ -705,6 +706,13 @@ func LoadConfigFromFile(root *string, logger *log.Logger) (*AercConfig, error) { } } + filename = path.Join(*root, "accounts.conf") + if !config.General.UnsafeAccountsConf { + if err := checkConfigPerms(filename); err != nil { + return nil, err + } + } + accountsPath := path.Join(*root, "accounts.conf") if accounts, err := loadAccountConfig(accountsPath); err != nil { return nil, err diff --git a/doc/aerc-config.5.scd b/doc/aerc-config.5.scd index b615629b..7143cb68 100644 --- a/doc/aerc-config.5.scd +++ b/doc/aerc-config.5.scd @@ -30,6 +30,14 @@ These options are configured in the *[general]* section of aerc.conf. *default-save-path* Used as a default path for save operations if no other path is specified. +*unsafe-accounts-conf* + By default, the file permissions of accounts.conf must be restrictive + and only allow reading by the file owner (_0600_). Set this option to + *true* to ignore this permission check. Use this with care as it may + expose your credentials. + + Default: false + ## UI OPTIONS These options are configured in the *[ui]* section of aerc.conf. |