Jim Li wrote:

>> So slocate is no longer SUID or SGID ?
> Yes, it is not.

>> but if slocate isn't SUID or SGID to root or the owner of the database 
>> file that implies that the database file is world readable so this 
>> check is a bit pointless.
>>
> "check permission" here doesn't mean that it checks 
> /var/lib/slocate/slocate.db's permission. 

I know that.

> Firstly it will search all
> matched file names according to user-inputted arguments in the index file. 
> Secondly, it will check all found file names' permissions for the invoking 
> user to decide whether to filter them out or not.

I understand that.

>> So what is the ownership and permissions of /var/lib/slocate/slocate.db
>>
> The ownership is root, group is other and permissions are 744

The above check is completely useless given that that database is 
publicly readable.  Also it shouldn't be rwx for owner; it doesn't get 
executed, so it should be rw-.

This is why slocate is normally installed SUID or SGID so that the 
database can be installed like one of the following:
        root  root 600
        root  slocate 640

If you don't install it this way you are missing one of the primary 
reasons for slocate over locate.

-- 
Darren J Moffat
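
An added example, not part of the original message or of slocate itself: a small audit of the points raised above, flagging a world-readable or executable database and a restricted database whose binary has no SUID/SGID bit. The function name `audit_slocate` and the sample modes are assumptions made for illustration.

```python
import stat

# Layouts listed in the message above: (owner, group, mode).
RECOMMENDED = {("root", "root", 0o600), ("root", "slocate", 0o640)}

def audit_slocate(owner, group, db_mode, bin_mode):
    """Return findings for the database (owner, group, mode) and the
    mode of the slocate binary that reads it. Empty list means OK."""
    perms = stat.S_IMODE(db_mode)
    findings = []
    if perms & stat.S_IROTH:
        findings.append("world-readable: any user can read every indexed "
                        "path directly, so per-user filtering is bypassed")
    if perms & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by non-owner: index can be tampered with")
    if perms & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        findings.append("execute bit set on a data file")
    if not findings and (owner, group, perms) not in RECOMMENDED:
        findings.append("ownership/mode differs from recommended layouts")
    # A database that ordinary users cannot read is only usable when the
    # binary runs with extra privilege (SUID or SGID).
    if not perms & stat.S_IROTH and not bin_mode & (stat.S_ISUID | stat.S_ISGID):
        findings.append("binary has no SUID/SGID bit to read the database")
    return findings

if __name__ == "__main__":
    # Constructed samples: the first row is the layout reported in the
    # thread, the next two are the layouts recommended in the reply.
    samples = [
        ("root", "other", 0o744, 0o755),
        ("root", "root", 0o600, 0o4755),
        ("root", "slocate", 0o640, 0o2755),
    ]
    for owner, group, db_mode, bin_mode in samples:
        result = audit_slocate(owner, group, db_mode, bin_mode)
        print(f"{owner}:{group} {db_mode:o} binary {bin_mode:o}")
        for line in result or ["ok"]:
            print("   ", line)
```
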
