Jim Li wrote: >> So slocate is no longer SUID or SGID ? > Yes, it not.
>> but if slocate isn't SUID or SGID to root or the owner of the database >> file that implies that the database file is world readable so this >> check is a bit pointless. >> > "check permission" here doesn't mean that it check > /var/lib/slocate/slocate.db's permission. I know that. ? Firstly it will search all > matched file name according to user inputed arguments in index file. > Secondly, it will check all found file name's permission for invoking > user to decide if filter out or not. I understand that. >> So what is the ownership and permissions of /var/lib/slocate/slocate.db >> > The ownership is root, group is other and permissions is 744 The above check is completely useless given that that database is publically readable. Also it should't be rwx for owner it doesn't get executed it should be rw-. This is why slocate is normally installed SUID or SGID so that the database can be installed like one of the following: root root 600 root slocate 640 If you don't install it this way you are missing one of the primary reasons for slocate over locate. -- Darren J Moffat