Darren J Moffat ??: > Jim Li wrote: >> Darren J Moffat wrote: >>>>> So what is the ownership and permissions of >>>>> /var/lib/slocate/slocate.db >>>>> >>>> The ownership is root, group is other and permissions is 744 >>> >>> The above check is completely useless given that that database is >>> publically readable. Also it should't be rwx for owner it doesn't >>> get executed it should be rw-. >>> >>> This is why slocate is normally installed SUID or SGID so that the >>> database can be installed like one of the following: >>> root root 600 >>> root slocate 640 >> Understood. Which way is better, SUID(root root 600) or root slocate >> 640? > > root:slocate 640 > Do you think root:root 600 is aslo acceptable? Because there are no preinstall or postinstall scripts in IPS, so there is no way to create a group when adding a package and delete this group when removing the package.
Thanks Jim
