-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thursday, 2013-06-20 at 14:25 +0200, Ludwig Nussel wrote:
That is not an explanation. I had to read the source to understand what mlocate uses the setgid bit for. It's an interesting approach but bears the risk of information leaks or worse (set[ug]id is always fishy). Bonus points for not being installed by default aside safe defaults for such a tool would be to run the indexer unprivileged to be absolutely sure the DB only ever contains files that are world readable anyways.
I actually prefer the way it is now.
The database has knowledge of every file, from all users.
However, when I ask locate for a file, it will only give me the files for which I have permissions.
This way, locate finds all my home files, something that is highly interesting for me, and will not find those files belonging to a different user, for which I have no permission.
Root finds all.
It's perfect! :-)
- -- Cheers, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar)