Darren J Moffat wrote: > James Carlson wrote: > >> Jim Li writes: >> >>> 2> Slocate will check file permissions and ownership before >>> displaying matched files so that files they don't have access to >>> will be filtered out. Tracker will display all matched files no >>> matter what the permissions and ownershiop are. >> >> >> I assume that's an attempt at security. As described, it likely >> doesn't work with ACLs on Solaris, and should have a warning. It >> won't necessarily provide the desired security. > > > If by "doesn't work with ACLs" means that it gives out information > about files that the user would not normally be able to see because > the ACL denys them access then that is a security vulnerability it it > must not be integrated like that. The lack of ACL support is an > architectural issue, if it fails safe then I think this case can > integrate but an RFE should be logged upstream to add ACL support. If > it fails unsafe (as above) then ACL support must be provided for this > case to be approved. > Actually, slocate uses system call access() to check file permissions and ownership, so slocate works with ACLs. By the way, slocate only creates index and works on file name, not file content.
I'm still working on adding a cron job and trying to remove group id which seems not neccessary for this project right now. I'll update ARC material after finish all of them. Thanks your guy's great points and suggestion Jim
