2014/09/22 5:21 "Ansgar Burchardt" <ansgar@43-1.org>:
>
> Hi Joel,
>
> Joel Rees <joel.rees@gmail.com> writes:
> > (6) systemd and cgroups (at minimum) end up overriding the permissions
> > system. It's bad enough having SELinux and ACLs brought in to knock
> > holes in the permissions system, but when arbitrary non-kernel system
> > functions start getting their hands into the equation, there is no way
> > to be sure that when you set any particular file under /etc or under
> > ~/ -- including /etc/ssh and ~/.shh -- as mode 740, that the effective
> > permissions don't end up 666 or 1147. In this case, even pid 1 is a
> > group of arbitrary non-kernel functions.
> >
> > Permissions and race conditions are not the only ways that the
> > modularity of these technologies is broken. I'm not going to try to
> > enumerate them here.
>
> I'm interested how use of systemd and cgroups will make a file in
> /etc/ssh or ~/.ssh change effective permissions. Could you explain that
> in simple, reproducible steps?
When I can, I'll file a bug report. If ever.
I know the theory, so I don't use those, so it's not a high priority for me.
If you are interested, read the manuals,do the math, it falls out, even though the manuals are written with a certain bias.