[opensuse] Re: [opensuse-factory] Re: Question about findutils-locate
Linda Walsh wrote:
Ie, if I'm plain user john:users, I should have permissions to use locate on my "/home/john" directory, but not those of /root, and maybe yes, maybe not, those of "/home/ian", depending on group permissions.
I would say it should let you see the same files you can see with 'ls'.
If I am not root, and ls /root, I can see nothing.
OTOH, Just because I can't write to files in /usr/bin or whatever, doesn't mean I wouldn't want them to show up in a locate. Even if the files are unreadable -- if they are in a directory that is readable, then their names should appear on locate.
IIRC, locate simply searches a file created by updatedb. Since updatedb runs as root, it should contain all files. Since locate can be run by anyone, anyone can see all the files. To do anything else would require updatedb to save the permissions and locate to honour them. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2013-06-14 13:54, James Knott wrote:
Linda Walsh wrote:
Since updatedb runs as root, it should contain all files.
No, it runs as "nobody" by default. Mlocate probably runs as root, I have not verified yet.
Since locate can be run by anyone, anyone can see all the files.
But not mlocate, you have to be in the "locate" group.
To do anything else would require updatedb to save the permissions and locate to honour them.
Absolutely, that's what I propose. -- Cheers / Saludos, Carlos E. R. (from 12.3 x86_64 "Dartmouth" at Telcontar)
James Knott wrote:
Linda Walsh wrote:
Ie, if I'm plain user john:users, I should have permissions to use locate on my "/home/john" directory, but not those of /root, and maybe yes, maybe not, those of "/home/ian", depending on group permissions.
I would say it should let you see the same files you can see with 'ls'.
If I am not root, and ls /root, I can see nothing.
OTOH, Just because I can't write to files in /usr/bin or whatever, doesn't mean I wouldn't want them to show up in a locate. Even if the files are unreadable -- if they are in a directory that is readable, then their names should appear on locate.
IIRC, locate simply searches a file created by updatedb. Since updatedb runs as root, it should contain all files. Since locate can be run by anyone, anyone can see all the files. To do anything else would require updatedb to save the permissions and locate to honour them.
At many sites updatedb is run as user nobody, so only public files are viewable. I prefer to have all files listed, being the only person on my machine -- so I run it as root. But on my windows machine I run locate as my userid (which can _usually_ see all the files)... You can also run the locate user in it's own group and allow those who want their dirs to be in that group, OR, IF, like on my machine, you assign 1 group/user, then each user has their group and locate could be placed in the groups of those users who want to be indexed... Many ways of accomplishing levels of access with updatedb + locate. When I looked at mlocate, it was a huge step down in configurability. So I quickly forgot about it. Maybe it has improved since I last looked at it, I dunno. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (3)
-
Carlos E. R. -
James Knott -
Linda Walsh