[Bug 847801] New: mlocate only useable for users in "locate" group

older
[Bug 851077] New: Request for new...

bugzilla_noreply＠novell.com

27 Oct 2013 27 Oct '13

22:10

https://bugzilla.novell.com/show_bug.cgi?id=847801 https://bugzilla.novell.com/show_bug.cgi?id=847801#c0 Summary: mlocate only useable for users in "locate" group Classification: openSUSE Product: openSUSE 13.1 Version: RC 1 Platform: Other OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: Release Notes AssignedTo: ke@suse.com ReportedBy: suse-beta@cboltz.de QAContact: coolo@suse.com Found By: Beta-Customer Blocker: --- copy&paste from "[opensuse-factory] observations with 13.1RC1 (locate, mga)" from dieter : findutils-locate was replaced by mlocate. users who want to use locate have to be added to the group "locate". Probably this should be mentioned in the release notes. Sounds like a good idea. Please also add a hint how to add an user to the "locate" group. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

Show replies by date

bugzilla_noreply＠novell.com

28 Oct 28 Oct

11:37

New subject: [Bug 847801] mlocate only useable for users in "locate" group

https://bugzilla.novell.com/show_bug.cgi?id=847801 https://bugzilla.novell.com/show_bug.cgi?id=847801#c1 Karl Eichwalder changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |suse-beta@cboltz.de --- Comment #1 from Karl Eichwalder 2013-10-28 12:37:40 CET --- From: Bernhard Voelker

...

On October 27, 2013 at 6:24 PM dieter wrote: findutils-locate was replaced by mlocate.

Why do you think so? findutils [1] is still shipped with locate(1) and the update(1) job for cron. [1] https://build.opensuse.org/package/show/openSUSE:13.1:Update/findutils =========================================================================== Please check it again. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

11:38

New subject: [Bug 847801] mlocate only useable for users in "locate" group

https://bugzilla.novell.com/show_bug.cgi?id=847801 https://bugzilla.novell.com/show_bug.cgi?id=847801#c2 --- Comment #2 from Karl Eichwalder 2013-10-28 12:38:54 CET --- From: Bernhard Voelker <mail at bernhard-voelker dot de> Why do you think so? findutils [1] is still shipped with locate(1) and the update(1) job for cron. [1] https://build.opensuse.org/package/show/openSUSE:13.1:Update/findutils =========================================================================== Please check it again. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

17:16

New subject: [Bug 847801] mlocate only useable for users in "locate" group

https://bugzilla.novell.com/show_bug.cgi?id=847801 https://bugzilla.novell.com/show_bug.cgi?id=847801#c3 Tomáš Chvátal changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW CC| |tchvatal@suse.com InfoProvider|suse-beta@cboltz.de | --- Comment #3 from Tomáš Chvátal 2013-10-28 17:16:40 UTC --- Yea I added mlocate as replacement for findutils because it is way faster in both search and logging. FWIW the group issue should be solved but I am bit torn about the solution. 1) Upstream uses sgid which lets you to read the whole file and determine what you can see and what not. And our security won't let this happen altho all other distros just go with it and are happy about :( 2) We have the group while locate command itself does not show files you can't access you still can read the db file completely because you are in the group. 3) We can reduce the scope of usability to index only as nobody:nobody and thus allow everyone to read our file, but then nothing of importance would be there which severly impacts the actual usability of the thing. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

21:12

New subject: [Bug 847801] mlocate only useable for users in "locate" group

https://bugzilla.novell.com/show_bug.cgi?id=847801 https://bugzilla.novell.com/show_bug.cgi?id=847801#c4 Dirk Weber changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |d_werner@gmx.net --- Comment #4 from Dirk Weber 2013-10-28 21:12:40 UTC --- (In reply to comment #2)

...

From: Bernhard Voelker <mail at bernhard-voelker dot de>

Why do you think so?

Before the upgrade in openSUSE 12.3 I had findutils-4.5.10-10.8.1.i586 findutils-locate-4.5.10-10.8.1.i586 I did the upgrade using zypper dup without modifying the list of packages which should be installed or upgraded. After the upgrade in 13.1 I have findutils-4.5.12-1.1.i586 mlocate-0.26-4.1.2.i586 Again - I did not choose to get mlocate, it happened automatically.

...

findutils [1] is still shipped with locate(1) and the update(1) job for cron.

[1] https://build.opensuse.org/package/show/openSUSE:13.1:Update/findutils

===========================================================================

Please check it again.

My observation was that the upgrade replaced findutils-locate by mlocate and it required the steps mentioned in the bug description to get it working. The rpm findutils did not and does not contain locate and updatedb, it was split off some versions ago into the findutils-locate rpm package which is not installed by default. comment 3 states that it was a decision to replace findutils-locate by Mlocate. So the upgrade behaved as it should. BTW: in https://bugzilla.novell.com/show_bug.cgi?id=847826 I also stated that the new database for Mlocate was created correctly as soon as the daily cron job was run - which can mean a delay of up to 24 hours. For somebody who wants to use locate for post processing (e.g. rpmnew or rpmsav) files after the upgrade this is inconvenient. Therefore I suggest: if in the final release of 13.1 Mlocate replaces findutils-locate (like it is in 13.1 RC1) the resulting required change to add the users who want to use locate to the group locate should be mentioned in the release notes. Currently I see no reason to fall back to findutils-locate. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

bugzilla_noreply＠novell.com

29 Oct 29 Oct

08:06

New subject: [Bug 847801] mlocate only useable for users in "locate" group

https://bugzilla.novell.com/show_bug.cgi?id=847801 https://bugzilla.novell.com/show_bug.cgi?id=847801#c5 Karl Eichwalder changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |tchvatal@suse.com --- Comment #5 from Karl Eichwalder 2013-10-29 09:06:24 CET --- (In reply to comment #3)

...

Yea I added mlocate as replacement for findutils because it is way faster in both search and logging.

FWIW the group issue should be solved but I am bit torn about the solution.

The more it mimics locate, the better ;) As long as it is mostly similar to locate, we do not need a release notes entry. If if would hide more than locate, we should probably provide a release notes snippet telling the user how he can work around the restriction.

...

1) Upstream uses sgid which lets you to read the whole file and determine what you can see and what not. And our security won't let this happen altho all other distros just go with it and are happy about :( 2) We have the group while locate command itself does not show files you can't access you still can read the db file completely because you are in the group. 3) We can reduce the scope of usability to index only as nobody:nobody and thus allow everyone to read our file, but then nothing of importance would be there which severly impacts the actual usability of the thing.

Ok, unfortunately, I cannot decide about it. I personally would vote to make all the files available to the user that he could see using 'find' ;) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.