slocate for OpenSolaris [LSARC/2008/447 FastTrack timeout 07/22/2008]
Jim Li
Jim.Li at sun.com
Sat Aug 2 22:09:54 PDT 2008
Darren J Moffat 写道:
> Jim Li wrote:
>> Darren J Moffat wrote:
>>>>> So what is the ownership and permissions of
>>>>> /var/lib/slocate/slocate.db
>>>>>
>>>> The ownership is root, group is other and permissions is 744
>>>
>>> The above check is completely useless given that that database is
>>> publically readable. Also it should't be rwx for owner it doesn't
>>> get executed it should be rw-.
>>>
>>> This is why slocate is normally installed SUID or SGID so that the
>>> database can be installed like one of the following:
>>> root root 600
>>> root slocate 640
>> Understood. Which way is better, SUID(root root 600) or root slocate
>> 640?
>
> root:slocate 640
>
Do you think root:root 600 is aslo acceptable?
Because there are no preinstall or postinstall scripts in IPS, so there
is no way to create a group when adding a package and delete this group
when removing the package.
Thanks
Jim
More information about the opensolaris-arc
mailing list