slocate for OpenSolaris [LSARC/2008/447 FastTrack timeout 07/22/2008]
Irene Huang
Irene.Huang at sun.com
Sun Aug 3 19:55:18 PDT 2008
It looks to me that there's no blocking issues for this case. If there's
no objections within 24 hours, I'd like to close the case as approved.
--Irene
On Thu, 2008-07-31 at 14:38 +0100, Darren J Moffat wrote:
> Jim Li wrote:
> > Darren J Moffat wrote:
> >>>> So what is the ownership and permissions of /var/lib/slocate/slocate.db
> >>>>
> >>> The ownership is root, group is other and permissions is 744
> >>
> >> The above check is completely useless given that that database is
> >> publically readable. Also it should't be rwx for owner it doesn't get
> >> executed it should be rw-.
> >>
> >> This is why slocate is normally installed SUID or SGID so that the
> >> database can be installed like one of the following:
> >> root root 600
> >> root slocate 640
> > Understood. Which way is better, SUID(root root 600) or root slocate 640?
>
> root:slocate 640
>
More information about the opensolaris-arc
mailing list