
Permissions and updatedb (WAS:Re: flashplayer9? (Mystery solved))



Ron Johnson wrote:

> On 12/16/06 21:17, Marc Shapiro wrote:
>> David Jardine wrote:
>>> On Sat, Dec 16, 2006 at 12:27:48PM -0800, Marc Shapiro wrote:
>>>> Yes, but there are actually quite a few hidden configuration
>>>> directories that are set with permissions of 700.  I can see that
>>>> this prevents anyone else from viewing your configs, but I don't see
>>>> a danger in that (viewing, but not changing).  I could just change
>>>> all of them from 700 to 755.  Then updatedb would find them all and
>>>> locate will actually get everything, until the next time that some
>>>> program creates its config directory with a 700 permission.
>>> You might find that some programs (fetchmail is an example I can think
>>> of) refuse to run if permissions on the config files are not strict
>>> enough.
>> This is why I would prefer to simply change updatedb.conf so that
>> updatedb runs as 'root' instead of as 'nobody'.  If no one can give me a
>> good reason not to, then that is what I will do.
>
> Security rule #2 : Don't run as root unless you *really* need to,
> like touch the h/w.  Otherwise, use groups.
>
> Instead of having slocate run as root, find out why ~/.mozilla/ is
> set to 700.  BTW, mine is set to 700 also.  Probably because of
> passwords.

As I said before, it is not just ~/.mozilla/

ALL of the following directories in my home directory have permissions set to 700:

.skype
.aptitude
.config
.dillo
.gconf
.gconfd
.gnupgp
.jpilot
.macromedia
.mozilla
.mozilla-thunderbird
.openoffice.org2
.thunderbird

I would bet that some of them are going to check their permissions at run time and complain if they are set too lax. So changing the permissions of every directory to 755 is not really a viable solution. Besides, if all of these programs set their directories this way, then others probably will in the future and the problem will rear its ugly head again, when I least expect it.

Maybe, as I also said before, I'll just go back to using find instead of locate. Since find actually searches the directory tree instead of the locatedb it is not dependent on the permissions at the time that updatedb is run. If I need to 'find' files that are not under ~/ I run find with sudo, so the permissions are not a problem there, either. I guess I am just not as paranoid as many people here (which doesn't mean that everyone is not out to get me -- I know).

--
Marc Shapiro
mshapiro_42@yahoo.com
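
Added example, not part of the original message or the thread: a shell sketch that measures the gap discussed above by listing the topmost directories an unprivileged indexer (such as updatedb running as 'nobody') cannot list and enter, and counting the files beneath them. The function names are hypothetical, and it assumes the indexing user is neither owner nor group member of the directories and that no ACLs apply, so only the "other" mode bits matter.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumption: the indexing user is neither the owner nor in the group of the
# directories, and no ACLs apply, so only the "other" mode bits decide access.

# blocked_dirs ROOT
# Print the topmost directories under ROOT that lack o+r or o+x. -prune stops
# the walk at each one, just as an unprivileged indexer could not descend.
blocked_dirs() {
    find "$1" -type d ! -perm -005 -prune -print | sort
}

# hidden_report ROOT
# Print "<file count> <mode string> <directory>" for each blocking directory.
# Run it as the owner so that the files underneath can actually be counted.
hidden_report() {
    blocked_dirs "$1" | while IFS= read -r dir; do
        count=$(find "$dir" -type f | wc -l | tr -d ' ')
        mode=$(ls -ld "$dir" | cut -c1-10)
        printf '%s %s %s\n' "$count" "$mode" "$dir"
    done
}

# hidden_total ROOT
# Total number of files a locate database built by that user would be missing.
hidden_total() {
    hidden_report "$1" | awk '{ n += $1 } END { print n + 0 }'
}
```

Source the file and run `hidden_report "$HOME"` as the owner of the home directory; directory names containing newlines are not handled.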
