Re: [opensuse-packaging] New lightdm user and group

* Guido Berhoerster [2011-07-29 16:21]:

* Ludwig Nussel [2011-07-29 14:55]:

...

Pavol Rusnak wrote:

...

On 07/26/2011 12:49 AM, Guido Berhoerster wrote:

...

/var/run/lightdm lightdm:lightdm 751 /var/log/lightdm lightdm:lightdm 750 /var/lib/lightdm lightdm:lightdm 750

The package is X11:xfce/lightdm.

Security team: is this the correct setup we could use? (User and group are created in %pre scriptlet of the package).

Almost. Log directories shouldn't be writable by the daemon user¹.

Greeters are exec'd as the "lightdm" user need to create their logfiles somehow.

GDM seems to do the same, from GNOME:Factory/gdm gdm.spec:

%attr(750,gdm,gdm) %dir %{_localstatedir}/log/gdm

Looking at an actual system with gdm running /var/log/gdm has the sticky bit set (does gdm chmod it?) which seems like a solution to the issue. So should I use /var/log/lightdm root:lightdm 1770 instead? What do I need to do in order to get this into the rpmlint list of allowed users? -- Guido Berhoerster -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org