[Bug 847801] New: mlocate only useable for users in "locate" group
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c0
Summary: mlocate only useable for users in "locate" group
Classification: openSUSE
Product: openSUSE 13.1
Version: RC 1
Platform: Other
OS/Version: openSUSE 12.3
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Release Notes
AssignedTo: ke@suse.com
ReportedBy: suse-beta@cboltz.de
QAContact: coolo@suse.com
Found By: Beta-Customer
Blocker: ---
copy&paste from "[opensuse-factory] observations with 13.1RC1 (locate, mga)"
from dieter
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c1
Karl Eichwalder
On October 27, 2013 at 6:24 PM dieter
wrote: findutils-locate was replaced by mlocate.
Why do you think so? findutils [1] is still shipped with locate(1) and the update(1) job for cron. [1] https://build.opensuse.org/package/show/openSUSE:13.1:Update/findutils =========================================================================== Please check it again. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c2
--- Comment #2 from Karl Eichwalder
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c3
Tomáš Chvátal
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c4
Dirk Weber
From: Bernhard Voelker <mail at bernhard-voelker dot de>
Why do you think so?
Before the upgrade in openSUSE 12.3 I had findutils-4.5.10-10.8.1.i586 findutils-locate-4.5.10-10.8.1.i586 I did the upgrade using zypper dup without modifying the list of packages which should be installed or upgraded. After the upgrade in 13.1 I have findutils-4.5.12-1.1.i586 mlocate-0.26-4.1.2.i586 Again - I did not choose to get mlocate, it happened automatically.
findutils [1] is still shipped with locate(1) and the update(1) job for cron.
[1] https://build.opensuse.org/package/show/openSUSE:13.1:Update/findutils
===========================================================================
Please check it again.
My observation was that the upgrade replaced findutils-locate by mlocate and it required the steps mentioned in the bug description to get it working. The rpm findutils did not and does not contain locate and updatedb, it was split off some versions ago into the findutils-locate rpm package which is not installed by default. comment 3 states that it was a decision to replace findutils-locate by Mlocate. So the upgrade behaved as it should. BTW: in https://bugzilla.novell.com/show_bug.cgi?id=847826 I also stated that the new database for Mlocate was created correctly as soon as the daily cron job was run - which can mean a delay of up to 24 hours. For somebody who wants to use locate for post processing (e.g. rpmnew or rpmsav) files after the upgrade this is inconvenient. Therefore I suggest: if in the final release of 13.1 Mlocate replaces findutils-locate (like it is in 13.1 RC1) the resulting required change to add the users who want to use locate to the group locate should be mentioned in the release notes. Currently I see no reason to fall back to findutils-locate. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c5
Karl Eichwalder
Yea I added mlocate as replacement for findutils because it is way faster in both search and logging.
FWIW the group issue should be solved but I am bit torn about the solution.
The more it mimics locate, the better ;) As long as it is mostly similar to locate, we do not need a release notes entry. If if would hide more than locate, we should probably provide a release notes snippet telling the user how he can work around the restriction.
1) Upstream uses sgid which lets you to read the whole file and determine what you can see and what not. And our security won't let this happen altho all other distros just go with it and are happy about :( 2) We have the group while locate command itself does not show files you can't access you still can read the db file completely because you are in the group. 3) We can reduce the scope of usability to index only as nobody:nobody and thus allow everyone to read our file, but then nothing of importance would be there which severly impacts the actual usability of the thing.
Ok, unfortunately, I cannot decide about it. I personally would vote to make all the files available to the user that he could see using 'find' ;) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c6
Tomáš Chvátal
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c7
Karl Eichwalder
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c8
--- Comment #8 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c9
Karl Eichwalder
Ah I wrote bug not bnc in the changelog so it was not picked.
https://build.opensuse.org/request/show/205109
No groups, default settings same as old locate, only the locate db changed format and was moved, not sure what to do about that.
After updating to the current 13.1 GM candidate with yast, I -- as the regular user 'ke' -- can no longer use it: locate Document bash: /usr/bin/locate: Permission denied Maybe, your fix still sits in the update area? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c10
--- Comment #10 from Tomáš Chvátal
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c11
Benjamin Brunner
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c12
Karl Eichwalder
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c13
Karl Eichwalder
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c14
Karl Eichwalder
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c15
Christian Boltz
Here is my proposal: [...] In case you encounter a "Permission denied" message, and want to speed up the access to the database file, consider to remove <filename>cron.daily</filename> (do not do this if you run sensible tasks via the <filename>cron.daily</filename> mechanism): </para> <screen>rm /var/spool/cron/lastrun/cron.daily</screen> <para> Within the next 15 minutes the daily cron routine will start and build a proper mlocate file. </para>
Why don't you recomment to just run /etc/cron.daily/mlocate.cron as root once? That's easier to explain, faster (you don't have to wait 15 minutes) and avoids the possible side effects of an additional cron.daily run. Proposal: In case you encounter a "Permission denied" message shortly after installing mlocate, run /etc/cron.daily/mlocate.cron as root once. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c16
Karl Eichwalder
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c17
--- Comment #17 from Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=847801
https://bugzilla.novell.com/show_bug.cgi?id=847801#c18
--- Comment #18 from Swamp Workflow Management
participants (1)
-
bugzilla_noreply@novell.com