Darren J Moffat wrote:
> Jim Li wrote:
>> Q4. What reserved GID is being used for slocate? and other questions
>> about this.
>>
>> Group "slocate" is not necessary by going through the source code
>> deeply.
>> So just remove all "slocate" related stuff.
>
> So slocate is no longer SUID or SGID ?
Yes, it is not.
>
>> Q7. Does Slocate work with ACLs on Solaris?
>>
>> Actually, Slocate uses system call access() to check file
>> permissions, so it works
>> with ACLs pretty well. Slocate always filters out files the invoking
>> users can't
>> access when creating the index file or displaying the found file names.
>>
>> If there is an ACL that would deny a user descending down a particular
>> directory path
>> ( and thus not being able to see further filenames) will that be
>> honoured by slocate?
>>
>> Yes. Slocate will just skip all filenames under this path.
>>
>> The slocate index file doesn't contain any permission information. It
>> checks permission
>> at run
>
> but if slocate isn't SUID or SGID to root or the owner of the database
> file that implies that the database file is world readable so this
> check is a bit pointless.
>
"Check permission" here doesn't mean that it checks
/var/lib/slocate/slocate.db's permissions. First, it searches the index
file for all file names matching the user's input arguments.
Second, it checks each found file name's permissions for the invoking
user to decide whether to filter it out.
> So what is the ownership and permissions of /var/lib/slocate/slocate.db
>
The owner is root, the group is other, and the permissions are 744.