Martin Pluskal wrote:
> locate group is not necessary with recent mlocate; mlocate is currently executed as nobody.
The requirement for group locate came from the database being owned by group locate, so anyone accessing it had to be in that group, in order to restrict locate-access only to those files that a user could normally see (and allow files in restricted-permission directories to remain "hidden" from users that wouldn't normally be able to see them). If the database is only accessible by group nobody, do users need to be part of group nobody to access it? Wouldn't it also be giving access to those processes already running in group nobody?
> Also it is usually better to file a bug report than to ask on the mailing list.
Depends on whether or not it is a bug. If it was deliberately changed, then filing a bug will only get it "rejected" as no longer supported, and no one except the package maintainer would be aware of the problem. Vs. documenting that anyone in group nobody might be able to access the results of 'find' run as root is something that should be widely known so security policies can be updated (for end users that have a security policy). One of those policies on a secure machine is to NOT lump unrelated processes into the same group or username (e.g. 'nobody').
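An added example, not part of the original message and not mlocate's own code: a small audit helper that applies the classic Unix owner/group/other read check to a database file and reports which non-root processes could read it. The file modes, the group IDs (480 for locate, 65534 for nobody) and the process entries are constructed assumptions; ACLs, capabilities and MAC policy are not modelled.

```python
import stat
from typing import NamedTuple

class Proc(NamedTuple):
    pid: int
    name: str
    uid: int            # filesystem uid (4th value of the Uid: line)
    gid: int            # filesystem gid
    groups: frozenset   # supplementary groups

def parse_status(text):
    """Parse Name/Pid/Uid/Gid/Groups from the text of a /proc/<pid>/status file."""
    f = dict(line.split(":", 1) for line in text.splitlines() if ":" in line)
    return Proc(pid=int(f["Pid"]), name=f["Name"].strip(),
                uid=int(f["Uid"].split()[3]), gid=int(f["Gid"].split()[3]),
                groups=frozenset(int(g) for g in f["Groups"].split()))

def can_read(mode, owner_uid, owner_gid, proc):
    """Unix DAC read check: exactly one of owner, group, other applies."""
    if proc.uid == 0:                      # assumption: root bypasses DAC
        return True
    if proc.uid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if proc.gid == owner_gid or owner_gid in proc.groups:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def exposed(mode, owner_uid, owner_gid, procs):
    """Names of non-root processes that can read the file directly."""
    return [p.name for p in procs
            if p.uid != 0 and can_read(mode, owner_uid, owner_gid, p)]

# Constructed sample data (hypothetical names and IDs).
SAMPLE_STATUS = [
    "Name:\tbash\nPid:\t2001\nUid:\t1000\t1000\t1000\t1000\n"
    "Gid:\t100\t100\t100\t100\nGroups:\t100\n",
    "Name:\tsomeservice\nPid:\t812\nUid:\t65534\t65534\t65534\t65534\n"
    "Gid:\t65534\t65534\t65534\t65534\nGroups:\t65534\n",
    "Name:\tcron\nPid:\t640\nUid:\t0\t0\t0\t0\nGid:\t0\t0\t0\t0\nGroups:\t0\n",
]
PROCS = [parse_status(s) for s in SAMPLE_STATUS]

if __name__ == "__main__":
    # Database root:locate 0640 versus root:nobody 0640
    print("group locate:", exposed(0o640, 0, 480, PROCS))
    print("group nobody:", exposed(0o640, 0, 65534, PROCS))
```

On a live system the same check can be fed from `os.stat()` on the database file and the contents of each `/proc/<pid>/status`.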